Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-50847

    Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.... Read more

    Affected Products : cs-cart
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-50848

    A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload ... Read more

    Affected Products : cs-cart
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2014-0468

    Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.... Read more

    Affected Products : fusionforge
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-50850

    An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passw... Read more

    Affected Products : cs-cart
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-50867

    A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.... Read more

    Affected Products : cloudclassroom
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2013-1424

    Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.... Read more

    Affected Products : matplotlib
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-25691

    A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products : prestashop
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2024-45955

    Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter.... Read more

    Affected Products : zena
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-41431

    When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Techni... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-52490

    An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.... Read more

    Affected Products : sync_gateway
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-22891

    When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software v... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-45346

    SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.... Read more

    Affected Products : bacula-web
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-43018

    Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some... Read more

    Affected Products : piwigo
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-23239

    When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reac... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-51951

    andisearch v0.5.249 was discovered to contain a cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : andisearch
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-50777

    The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data includ... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-50464

    A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size ... Read more

    Affected Products : nas_firmware nas
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-45620

    An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request... Read more

    Affected Products : ptc310uv2_firmware ptc310uv2
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-45619

    An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function... Read more

    Affected Products : ptc310uv2_firmware ptc310uv2
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-25692

    A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products : prestashop
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication
Showing 20 of 291368 Results