Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    CVSS31
    CVE-2025-46647

    A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect pr... Read more

    Affected Products : apisix
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 6.5

    CVSS31
    CVE-2025-45029

    WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34075

    An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant (or C:\vagra... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 3.8

    CVSS31
    CVE-2025-6942

    The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.... Read more

    Affected Products : secret_server
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-52842

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Laundry on Linux, MacOS allows Account Takeover. This issue affects Laundry: 2.3.0.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-52841

    Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This issue affects Laundry: 2.3.0.... Read more

    Affected Products : laundry
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 6.8

    CVSS31
    CVE-2025-52559

    Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-sit... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-43025

    HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.).... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34092

    A cookie encryption bypass vulnerability exists in Google Chrome’s AppBound mechanism due to weak path validation logic within the elevation service. When Chrome encrypts a cookie key, it records its own executable path as validation metadata. Later, when... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34091

    A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repe... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34090

    A security bypass vulnerability exists in Google Chrome AppBound cookie encryption mechanism due to insufficient validation of COM server paths during inter-process communication. A local low-privileged attacker can hijack the COM class identifier (CLSID)... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34079

    An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface (default port... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34078

    A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local u... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34076

    An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary file... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34074

    An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a re... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 9.8

    CVSS31
    CVE-2025-45814

    Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 9.8

    CVSS31
    CVE-2025-45813

    ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 9.8

    CVSS31
    CVE-2025-52101

    linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted "password" and "salt". The password can then be obtained through brute-forc... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 02, 2025

  • 8.8

    CVSS31
    CVE-2025-49713

    Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 5.3

    CVSS31
    CVE-2025-45424

    Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
Showing 20 of 183 Results
© cvefeed.io
Latest DB Update: Jul. 02, 2025 22:39