Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-34025

    CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Aug. 04, 2025

  • 7.5

    HIGH
    CVE-2024-10382

    There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java des... Read more

    Affected Products : android car androidx.car.app
    • Published: Nov. 20, 2024
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2025-2297

    Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile... Read more

    Affected Products : privilege_management_for_windows
    • Published: Jul. 28, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-6250

    Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any pr... Read more

    Affected Products : privilege_management_for_windows
    • Published: Jul. 28, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-24853

    A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki t... Read more

    Affected Products : jspwiki
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-24854

    A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWi... Read more

    Affected Products : jspwiki
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-47001

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-43712

    JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value... Read more

    Affected Products : jhipster
    • Published: Jul. 25, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-20145

    A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incor... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-20144

    A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a sp... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-46059

    langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this i... Read more

    Affected Products :
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-8220

    A vulnerability classified as critical has been found in Engeman Web up to 12.0.0.1. Affected is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of the argument LanguageCombobox as part of Cook... Read more

    Affected Products :
    • Published: Jul. 27, 2025
    • Modified: Aug. 03, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-13972

    A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Aug. 03, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-33014

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information... Read more

    • Published: Jul. 18, 2025
    • Modified: Aug. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-52363

    Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative... Read more

    Affected Products : cp3_pro_firmware cp3_pro
    • Published: Jul. 14, 2025
    • Modified: Aug. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-53928

    MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue.... Read more

    Affected Products : maxkb
    • Published: Jul. 17, 2025
    • Modified: Aug. 02, 2025

  • 6.3

    MEDIUM
    CVE-2025-53927

    MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the `shutil.copy2... Read more

    Affected Products : maxkb
    • Published: Jul. 17, 2025
    • Modified: Aug. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-6993

    The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied post_id and retrieves the corr... Read more

    Affected Products : ultimate_wp_mail
    • Published: Jul. 16, 2025
    • Modified: Aug. 02, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-30483

    Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information di... Read more

    Affected Products : elastic_cloud_storage objectscale
    • Published: Jul. 15, 2025
    • Modified: Aug. 02, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-7504

    The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the query_vars parameter This makes it possible for authenticated attackers, with subscriber-level access and above, to injec... Read more

    Affected Products : friends
    • Published: Jul. 12, 2025
    • Modified: Aug. 02, 2025
    • Vuln Type: Authentication
Showing 20 of 291275 Results