Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    CVSS31
    CVE-2025-53820

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This ...
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 7.9

    CVSS31
    CVE-2025-53819

    Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 0.0

    NONE
    CVE-2025-53818

    GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Versions 0.3.0 and 0.4.0 of the MCP Server are written in a way that is vulnerable to command injecti...
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 0.0

    NONE
    CVE-2025-53643

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version...
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 0.0

    NONE
    CVE-2025-53640

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could...
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 7.6

    CVSS31
    CVE-2025-27582

    The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end user...
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 0.0

    NONE
    CVE-2025-53639

    MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statem...
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 0.0

    NONE
    CVE-2025-53623

    The Job Iteration API is an extension for ActiveJob that makes jobs interruptible and resumable. Versions prior to 1.11.0 have an arbitrary code execution vulnerability in the `CsvEnumerator` class. This vulnerability can be exploited by an attacker to e...
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 7.4

    CVSS31
    CVE-2025-53101

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename temp...
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 3.7

    CVSS31
    CVE-2025-53019

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename templ...
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 7.5

    CVSS31
    CVE-2025-53015

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 5.4

    CVSS31
    CVE-2025-51660

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 5.4

    CVSS31
    CVE-2025-51659

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 5.4

    CVSS31
    CVE-2025-51658

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 5.4

    CVSS31
    CVE-2025-51657

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 5.4

    CVSS31
    CVE-2025-51656

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 5.4

    CVSS31
    CVE-2025-51655

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 5.4

    CVSS31
    CVE-2025-51654

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 5.4

    CVSS31
    CVE-2025-51653

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
  • 5.4

    CVSS31
    CVE-2025-51652

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php....
    • Published: Jul. 14, 2025
    • Modified: Jul. 14, 2025
Showing 20 of 165 Results
Latest DB Update: Jul. 14, 2025 21:41