Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-8744

    A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 5.2

    MEDIUM
    CVE-2025-54417

    Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerabi... Read more

    Affected Products : craft_cms
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 5.3

    MEDIUM
    CVE-2025-4581

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4 ,2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authenticatio... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 0.0

    NA
    CVE-2024-58238

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a stress test on btnxpuart for couple of hours, such that the... Read more

    Affected Products : linux_kernel
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 9.4

    CRITICAL
    CVE-2012-10040

    Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploi... Read more

    Affected Products : openfiler
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 6.5

    MEDIUM
    CVE-2025-8806

    A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads t... Read more

    Affected Products :
    • Published: Aug. 10, 2025
    • Modified: Aug. 11, 2025

  • 7.3

    HIGH
    CVE-2025-8758

    A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege violation. Attacking locally is a requirement. The complexity... Read more

    Affected Products : tew-822dre_firmware
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 0.0

    NA
    CVE-2025-38499

    In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be ab... Read more

    Affected Products : linux_kernel
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 0.0

    NA
    CVE-2022-50233

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to d... Read more

    Affected Products : linux_kernel
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 6.5

    MEDIUM
    CVE-2025-8839

    A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit ... Read more

    Affected Products : jsherp
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 7.5

    HIGH
    CVE-2025-8752

    A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. Th... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 6.3

    MEDIUM
    CVE-2025-8763

    A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_securi... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 6.4

    MEDIUM
    CVE-2025-7726

    The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via its lightbox rendering code in all versions up to, and including, 12.6.0 due to insufficient input sanitization and output escaping. The theme’s JavaScript reads user-supplied '... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 6.8

    MEDIUM
    CVE-2025-8864

    Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 11, 2025

  • 7.5

    HIGH
    CVE-2025-20234

    A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scann... Read more

    • Published: Jun. 18, 2025
    • Modified: Aug. 11, 2025

  • 9.1

    CRITICAL
    CVE-2025-49591

    CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain a... Read more

    Affected Products : cryptpad
    • Published: Jun. 18, 2025
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2025-20260

    A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability... Read more

    Affected Products : clamav
    • Published: Jun. 18, 2025
    • Modified: Aug. 11, 2025

  • 6.1

    MEDIUM
    CVE-2025-49590

    CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before ... Read more

    Affected Products : cryptpad
    • Published: Jun. 18, 2025
    • Modified: Aug. 11, 2025

  • 2.0

    LOW
    CVE-2025-8573

    Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page.  Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concr... Read more

    Affected Products : concrete_cms concrete5
    • Published: Aug. 05, 2025
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2025-5071

    The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authentica... Read more

    Affected Products : ai_engine ai_engine
    • Published: Jun. 19, 2025
    • Modified: Aug. 11, 2025
Showing 20 of 290997 Results