Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-43734

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 20... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-8761

    A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been dis... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-8491

    The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possibl... Read more

    Affected Products : easy_pdf_restaurant_menu_upload
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.2

    MEDIUM
    CVE-2025-55280

    This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reve... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2025-53781

    Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-8916

    Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-8762

    A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical d... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-8907

    A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-6715

    The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-54809

    F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.0

    HIGH
    CVE-2025-54464

    This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary d... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cryptography

  • 6.9

    MEDIUM
    CVE-2025-54500

    An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Support... Read more

    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-54791

    OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose informa... Read more

    Affected Products : omero.web
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 7.7

    HIGH
    CVE-2025-54074

    Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a ma... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-4410

    A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-4276

    UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-49456

    Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Race Condition

  • 9.6

    CRITICAL
    CVE-2025-49457

    Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-48500

    A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.  Note: Software versions whi... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-46405

    When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292731 Results