Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2025-53008

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a ma...

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-52897

    GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19....

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication
  • 5.0

    MEDIUM
    CVE-2025-52567

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploi...

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Server-Side Request Forgery
  • 5.4

    MEDIUM
    CVE-2025-27514

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project...

    Affected Products : glpi
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.8

    MEDIUM
    CVE-2025-20181

    A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute pe...

    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration
  • 8.0

    HIGH
    CVE-2025-20298

    In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by d...

    Affected Products : windows universal_forwarder
    • Published: Jun. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-52997

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication proce...

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2025-52996

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in po...

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-52901

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as...

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure
  • 9.3

    CRITICAL
    CVE-2025-32711

    AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network....

    Affected Products : 365_copilot
    • Published: Jun. 11, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2023-38002

    IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208....

    Affected Products : storage_scale
    • Published: Apr. 30, 2024
    • Modified: Aug. 04, 2025
  • 6.7

    MEDIUM
    CVE-2024-20456

    A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, ...

    Affected Products : ios_xr 8201 8202 8101-32fh 8102-64h 8201-32fh 8804 8808 8812 8818 +49 more products
    • Published: Jul. 10, 2024
    • Modified: Aug. 04, 2025
  • 6.9

    MEDIUM
    CVE-2025-54422

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passw...

    Affected Products : sandboxie sandboxie
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-46716

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointe...

    Affected Products : sandboxie sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2025-46715

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointe...

    Affected Products : sandboxie sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure
  • 9.2

    CRITICAL
    CVE-2024-49360

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folde...

    Affected Products : sandboxie sandboxie
    • Published: Nov. 29, 2024
    • Modified: Aug. 04, 2025
  • 7.8

    HIGH
    CVE-2025-46714

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then an extre...

    Affected Products : sandboxie sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-46713

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that wou...

    Affected Products : sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2020-25412

    com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution....

    Affected Products : gnuplot gnuplot
    • EPSS Score: 0.68%
    • Published: Sep. 16, 2020
    • Modified: Aug. 04, 2025
  • 7.8

    HIGH
    CVE-2025-52361

    Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is execut...

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization
Showing 20 of 291275 Results