Latest CVE Feed

- 9.8 CRITICAL CVE-2025-8495
A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/edit_admin_query.php. The manipulation of the argument Username leads to sql injectio...
- Affected Products: intern_membership_management_system
- Published: Aug. 03, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Injection

- 5.3 MEDIUM CVE-2025-7907
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of ...
- Affected Products: ruoyi
- Published: Jul. 20, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Authentication

- 9.8 CRITICAL CVE-2025-7911
A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-ba...
- Published: Jul. 20, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Memory Corruption

- 5.4 MEDIUM CVE-2025-7902
A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possi...
- Affected Products: ruoyi
- Published: Jul. 20, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Cross-Site Scripting

- 5.1 MEDIUM CVE-2025-52372
An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components.
- Affected Products: hmailserver
- Published: Jul. 21, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Information Disclosure

- 8.2 HIGH CVE-2024-6519
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
- Affected Products: qemu
- Published: Oct. 21, 2024
- Modified: Aug. 08, 2025

- 8.6 HIGH CVE-2024-20339
A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vuln...
- Published: Oct. 23, 2024
- Modified: Aug. 08, 2025

- 8.1 HIGH CVE-2025-24472
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstre...
- Actively Exploited
- Published: Feb. 11, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Authentication

- 6.5 MEDIUM CVE-2024-54021
An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter ...
- Published: Jan. 14, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Misconfiguration

- 9.1 CRITICAL CVE-2024-48884
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 thro...
- Affected Products: fortimanager, fortios, fortiproxy, fortiweb, fortivoice, fortirecorder, fortimanager_cloud
- Published: Jan. 14, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Path Traversal

- 7.5 HIGH CVE-2024-45663
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- Affected Products: db2
- Published: Nov. 21, 2024
- Modified: Aug. 08, 2025

- 9.6 CRITICAL CVE-2024-6246
Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not requ...
- Published: Nov. 22, 2024
- Modified: Aug. 08, 2025

- 7.8 HIGH CVE-2023-34301
Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to...
- Affected Products: cobalt
- Published: May. 03, 2024
- Modified: Aug. 08, 2025

- 6.8 MEDIUM CVE-2024-6247
Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploi...
- Published: Nov. 22, 2024
- Modified: Aug. 08, 2025

- 6.5 MEDIUM CVE-2025-8701
A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /OL_OprationLog/GetPageList. The manipulation of the argument optU...
- Published: Aug. 07, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Injection

- 7.8 HIGH CVE-2025-50675
GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to ...
- Published: Aug. 07, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Misconfiguration

- 7.0 HIGH CVE-2025-26513
The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges.
- Published: Aug. 07, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Authorization

- 7.5 HIGH CVE-2025-22963
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.
- Affected Products: teedy
- Published: Jan. 13, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Cross-Site Request Forgery

- 7.5 HIGH CVE-2024-6248
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not require...
- Published: Nov. 22, 2024
- Modified: Aug. 08, 2025

- 7.8 HIGH CVE-2023-34309
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vu...
- Affected Products: cobalt
- Published: May. 03, 2024
- Modified: Aug. 08, 2025