Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    CVSS31
    CVE-2025-7767

    A vulnerability, which was classified as problematic, has been found in PHPGurukul Art Gallery Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/edit-art-medium-detail.php. The manipulation of the argument artm... Read more

    Affected Products : art_gallery_management_system
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 3.5

    CVSS31
    CVE-2024-42209

    HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data.... Read more

    Affected Products : connections
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025

  • 3.5

    CVSS31
    CVE-2025-7748

    A vulnerability classified as problematic was found in ZCMS 3.6.0. This vulnerability affects unknown code of the component Create Article Page. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. Th... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025

  • 3.5

    CVSS31
    CVE-2025-7786

    A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popin_update/qa/ of the component Post Reply Handler. The manipulation leads to cross site ... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 3.5

    CVSS31
    CVE-2025-7791

    A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site s... Read more

    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 3.5

    CVSS31
    CVE-2025-2818

    A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetooth interaction range to intercept files when transferred... Read more

    Affected Products : smart_connect
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025

  • 3.5

    CVSS31
    CVE-2025-53901

    Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is trig... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 3.5

    CVSS31
    CVE-2025-7800

    A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argum... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 3.5

    CVSS31
    CVE-2025-7802

    A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument Search leads to cross sit... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 3.4

    CVSS31
    CVE-2025-7339

    on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade t... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025

  • 2.2

    CVSS31
    CVE-2025-6227

    Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite ... Read more

    Affected Products : mattermost_server
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 0.0

    NONE
    CVE-2025-5346

    Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite file containing ".json" keywo... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025

  • 0.0

    NONE
    CVE-2025-6391

    Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025

  • 0.0

    NONE
    CVE-2025-53888

    RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds.... Read more

    Affected Products : riot
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 0.0

    NONE
    CVE-2025-5345

    Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary f... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025

  • 0.0

    NONE
    CVE-2025-54079

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the endpoint `/html/atendido/Profile_Atendido.php`, in the `idatendido` par... Read more

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 0.0

    NONE
    CVE-2025-38349

    In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutex_unlock(&ep->mtx); af... Read more

    Affected Products : linux_kernel
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 0.0

    NONE
    CVE-2025-5344

    Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025

  • 0.0

    NONE
    CVE-2025-26855

    A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025

  • 0.0

    NONE
    CVE-2025-26854

    A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
Showing 20 of 198 Results
© cvefeed.io
Latest DB Update: Jul. 19, 2025 4:24