Latest CVE Feed
-
7.5
HIGH
CVE-2025-8183
NULL Pointer Dereference in µD3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS...
Affected Products : ud3tn
- Published: Jul. 25, 2025
- Modified: Aug. 11, 2025
-
9.8
CRITICAL
CVE-2019-25224
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system....
Affected Products : wp_database_backup
- Published: Jul. 25, 2025
- Modified: Aug. 11, 2025
-
8.8
HIGH
CVE-2025-33109
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of ...
- Published: Jul. 24, 2025
- Modified: Aug. 11, 2025
-
6.1
MEDIUM
CVE-2025-5084
The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray['read_more_text']’ parameter in all versions up to, and including, 3.4.13 due to insufficient input sanitization and output escaping. This makes i...
Affected Products : post_grid_master
- Published: Jul. 24, 2025
- Modified: Aug. 11, 2025
-
7.5
HIGH
CVE-2025-33020
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information....
- Published: Jul. 23, 2025
- Modified: Aug. 11, 2025
-
6.5
MEDIUM
CVE-2025-52082
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter....
- Published: Jul. 15, 2025
- Modified: Aug. 11, 2025
-
6.5
MEDIUM
CVE-2025-52080
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter....
- Published: Jul. 15, 2025
- Modified: Aug. 11, 2025
-
9.8
CRITICAL
CVE-2025-5495
A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is poss...
- Published: Jun. 03, 2025
- Modified: Aug. 11, 2025
-
7.8
HIGH
CVE-2025-1411
IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges....
Affected Products : security_verify_directory
- Published: Jun. 15, 2025
- Modified: Aug. 11, 2025
-
7.6
HIGH
CVE-2025-5990
An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input....
Affected Products : crafty_controller
- Published: Jun. 15, 2025
- Modified: Aug. 11, 2025
-
7.0
HIGH
CVE-2025-32797
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write acc...
Affected Products : conda-build
- Published: Jun. 16, 2025
- Modified: Aug. 11, 2025
-
9.8
CRITICAL
CVE-2025-3515
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attac...
Affected Products : drag_and_drop_multiple_file_upload_-_contact_form_7
- Published: Jun. 17, 2025
- Modified: Aug. 11, 2025
-
9.3
CRITICAL
CVE-2012-10037
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution u...
Affected Products :
- Published: Aug. 11, 2025
- Modified: Aug. 11, 2025
-
9.4
CRITICAL
CVE-2012-10039
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitization. An authenticated attacker can inject arbitrary shell...
Affected Products :
- Published: Aug. 11, 2025
- Modified: Aug. 11, 2025
-
7.5
HIGH
CVE-2025-8838
A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to i...
Affected Products :
- Published: Aug. 11, 2025
- Modified: Aug. 11, 2025
-
5.1
MEDIUM
CVE-2025-7020
An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainm...
Affected Products :
- Published: Aug. 09, 2025
- Modified: Aug. 11, 2025
-
7.1
HIGH
CVE-2025-55008
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifi...
Affected Products :
- Published: Aug. 09, 2025
- Modified: Aug. 11, 2025
-
8.7
HIGH
CVE-2025-54888
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 th...
Affected Products :
- Published: Aug. 09, 2025
- Modified: Aug. 11, 2025
-
8.0
HIGH
CVE-2025-54063
Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website...
Affected Products :
- Published: Aug. 11, 2025
- Modified: Aug. 11, 2025
-
5.1
MEDIUM
CVE-2025-8866
YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addre...
Affected Products :
- Published: Aug. 11, 2025
- Modified: Aug. 11, 2025