Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40339

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL. So, such kind of amdgpu_bo_va should be updated separately before a... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025

  • 7.9

    HIGH
    CVE-2025-42874

    SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. Exploitation does not ... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-40935

    A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-40800

    A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002... Read more

    Affected Products : simcenter_femap solid_edge_se2025
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40331

    In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump() make sure not to exceed bou... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40333

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data, and look up extent_node in rb tree, it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-40341

    In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_list() use ptrace_may_access() to check if the calling task is allowed to access another t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Race Condition

  • 5.4

    MEDIUM
    CVE-2025-63065

    Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media Library Assistant media-library-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library Assistant: from n/a th... Read more

    Affected Products : media_library_assistant
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-63077

    Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.2.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-63075

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through <= 28.1.7.... Read more

    Affected Products : betheme
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63072

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THEMECO Cornerstone cornerstone allows Stored XSS.This issue affects Cornerstone: from n/a through <= 7.7.3.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.5

    MEDIUM
    CVE-2025-67467

    Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery.This issue affects GiveWP: from n/a through <= 4.13.1.... Read more

    Affected Products : givewp
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.4

    MEDIUM
    CVE-2025-63058

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data.This issue affects Custom Field Template: from n/a through <=... Read more

    Affected Products : custom_field_template
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-63049

    Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-63052

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through <= 3.2.8.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63059

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arscode Ninja Popups arscode-ninja-popups allows Stored XSS.This issue affects Ninja Popups: from n/a through <= 4.7.8.... Read more

    Affected Products : ninja_popups
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63037

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63061

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hogash Kallyas kallyas allows DOM-Based XSS.This issue affects Kallyas: from n/a through <= 4.22.0.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-63062

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-design-core allows PHP Local File Inclusion.This issue affects UDesign Core: from n/a through <= 4.14.0.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2025-40806

    A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is v... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authentication
Showing 20 of 5220 Results