Latest CVE Feed
- 9.8 CRITICAL CVE-2025-8471
  A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulation of the argument a_id leads to SQL injection. The attac...
  Affected Products: online_admission_system
  - Published: Aug. 02, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Injection
- 8.0 HIGH CVE-2025-52903
  File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell command ...
  Affected Products: filebrowser
  - Published: Jun. 26, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Misconfiguration
- 9.8 CRITICAL CVE-2025-8493
  A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manipulation of the argument ID leads to SQL injection. The a...
  - Published: Aug. 02, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Injection
- 7.8 HIGH CVE-2024-10397
  A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code....
  Affected Products: openafs
  - Published: Nov. 14, 2024
  - Modified: Aug. 05, 2025
- 9.1 CRITICAL CVE-2023-20154
  A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain me...
  Affected Products: modeling_labs
  - Published: Nov. 15, 2024
  - Modified: Aug. 05, 2025
- 5.4 MEDIUM CVE-2025-46732
  OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation...
  Affected Products: opencti
  - Published: Jul. 18, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Authorization
- 5.3 MEDIUM CVE-2023-6604
  A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format ...
  Affected Products: ffmpeg
  - Published: Jan. 06, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Denial of Service
- 4.7 MEDIUM CVE-2023-6601
  A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions....
  Affected Products: ffmpeg
  - Published: Jan. 06, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Misconfiguration
- 8.6 HIGH CVE-2024-11858
  A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintende...
  Affected Products: radare2
  - Published: Dec. 15, 2024
  - Modified: Aug. 05, 2025
- 6.5 MEDIUM CVE-2025-52575
  EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by inj...
  Affected Products: espocrm
  - Published: Jul. 21, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Injection
- 7.5 HIGH CVE-2025-54138
  LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpo...
  Affected Products: librenms
  - Published: Jul. 22, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Path Traversal
- 7.5 HIGH CVE-2024-7701
  Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0....
  Affected Products: toolkit
  - Published: Dec. 15, 2024
  - Modified: Aug. 05, 2025
- 6.1 MEDIUM CVE-2024-12326
  Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross-site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image...
  Affected Products: jirafeau
  - Published: Dec. 06, 2024
  - Modified: Aug. 05, 2025
- 7.5 HIGH CVE-2024-12107
  Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS...
  Affected Products: ud3tn
  - Published: Dec. 04, 2024
  - Modified: Aug. 05, 2025
- 7.2 HIGH CVE-2025-46123
  An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memor...
  Affected Products: ruckus_unleashed ruckus_zonedirector ruckus_c110 ruckus_e510 ruckus_h320 ruckus_h350 ruckus_h510 ruckus_h550 ruckus_m510 ruckus_m510-jp +32 more products
  - Published: Jul. 21, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Information Disclosure
- 9.1 CRITICAL CVE-2025-46122
  An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a...
  Affected Products: ruckus_unleashed ruckus_zonedirector ruckus_c110 ruckus_e510 ruckus_h320 ruckus_h350 ruckus_h510 ruckus_h550 ruckus_m510 ruckus_m510-jp +32 more products
  - Published: Jul. 21, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Injection
- 9.8 CRITICAL CVE-2025-46121
  An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A re...
  Affected Products: ruckus_unleashed ruckus_zonedirector ruckus_c110 ruckus_e510 ruckus_h320 ruckus_h350 ruckus_h510 ruckus_h550 ruckus_m510 ruckus_m510-jp +32 more products
  - Published: Jul. 21, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Information Disclosure
- 9.8 CRITICAL CVE-2025-46120
  An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates o...
  Affected Products: ruckus_unleashed ruckus_zonedirector ruckus_c110 ruckus_e510 ruckus_h320 ruckus_h350 ruckus_h510 ruckus_h550 ruckus_m510 ruckus_m510-jp +32 more products
  - Published: Jul. 21, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Path Traversal
- 6.3 MEDIUM CVE-2025-46119
  An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrato...
  Affected Products: ruckus_unleashed ruckus_zonedirector ruckus_c110 ruckus_e510 ruckus_h320 ruckus_h350 ruckus_h510 ruckus_h550 ruckus_m510 ruckus_m510-jp +32 more products
  - Published: Jul. 21, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Information Disclosure
- 5.3 MEDIUM CVE-2025-46118
  An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remot...
  Affected Products: ruckus_unleashed ruckus_zonedirector ruckus_c110 ruckus_e510 ruckus_h320 ruckus_h350 ruckus_h510 ruckus_h550 ruckus_m510 ruckus_m510-jp +32 more products
  - Published: Jul. 21, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Authentication