Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-4879

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows... Read more

    Affected Products : workspace
    • Published: Jun. 17, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-6087

    A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary ... Read more

    • Published: Jun. 16, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-8274

    A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=save_recruitment_status. The manipulation of the argument... Read more

    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-49342

    IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.... Read more

    Affected Products : informix_dynamic_server
    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-49343

    IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more

    Affected Products : informix_dynamic_server
    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-8247

    A vulnerability classified as critical has been found in Projectworlds Online Admission System 1.0. This affects an unknown part of the file /admin.php. The manipulation of the argument markof leads to sql injection. It is possible to initiate the attack ... Read more

    Affected Products : online_admission_system
    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-4821

    Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by ... Read more

    Affected Products : quiche
    • Published: Jun. 18, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-4820

    Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by ... Read more

    Affected Products : quiche
    • Published: Jun. 18, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 7.4

    HIGH
    CVE-2025-20141

    A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple C... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-8241

    A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. This affects an unknown part of the file /report.php. The manipulation of the argument From leads to sql injection. It is possible to initiate... Read more

    Affected Products : abc_courier_management_system
    • Published: Jul. 27, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-20177

    A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker m... Read more

    Affected Products : ios_xr 8201 8202 8101-32fh 8102-64h 8201-32fh 8804 8808 8812 8818 +50 more products
    • Published: Mar. 12, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-58264

    The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data.... Read more

    Affected Products : serde-json-wasm
    • Published: Jul. 27, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-8231

    A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to... Read more

    Affected Products : dir-890l_firmware dir-890l
    • Published: Jul. 27, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-8230

    A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remo... Read more

    Affected Products : courier_management_system
    • Published: Jul. 27, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2025-4366

    A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache pois... Read more

    Affected Products : pingora
    • Published: May. 22, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2024-20257

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.r This vulnerability is due to insuffic... Read more

    • Published: May. 15, 2024
    • Modified: Aug. 06, 2025

  • 6.5

    MEDIUM
    CVE-2025-52284

    Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8334

    A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_recruitment_status. The manipulation of the argu... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-36039

    IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms,... Read more

    Affected Products : aspera_faspex
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-20185

    A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate p... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication
Showing 20 of 291531 Results