Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2020-11738

    The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.... Read more

    Affected Products : duplicator
    • Actively Exploited
    • EPSS Score: %94.23
    • Published: Apr. 13, 2020
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2020-16009

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    • Actively Exploited
    • EPSS Score: %80.72
    • Published: Nov. 03, 2020
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2020-16013

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome
    • Actively Exploited
    • EPSS Score: %25.50
    • Published: Jan. 08, 2021
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2020-8195

    Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low... Read more

    • Actively Exploited
    • EPSS Score: %85.27
    • Published: Jul. 10, 2020
    • Modified: Jul. 30, 2025

  • 7.2

    HIGH
    CVE-2020-8218

    A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.... Read more

    • Actively Exploited
    • EPSS Score: %91.07
    • Published: Jul. 30, 2020
    • Modified: Jul. 30, 2025

  • 9.1

    CRITICAL
    CVE-2024-4253

    A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized ... Read more

    Affected Products : gradio video
    • Published: Jun. 04, 2024
    • Modified: Jul. 30, 2025

  • 9.3

    CRITICAL
    CVE-2025-1987

    A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a... Read more

    Affected Products : psono_client securepass
    • Published: Jun. 21, 2025
    • Modified: Jul. 30, 2025

  • 7.2

    HIGH
    CVE-2021-20022

    SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.... Read more

    • Actively Exploited
    • EPSS Score: %46.26
    • Published: Apr. 09, 2021
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-20038

    A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200,... Read more

    • Actively Exploited
    • EPSS Score: %94.29
    • Published: Dec. 08, 2021
    • Modified: Jul. 30, 2025

  • 5.5

    MEDIUM
    CVE-2024-29745

    there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Actively Exploited
    • Published: Apr. 05, 2024
    • Modified: Jul. 30, 2025

  • 9.0

    HIGH
    CVE-2025-3820

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-base... Read more

    Affected Products : i24_firmware i24 w12_firmware w12
    • Published: Apr. 19, 2025
    • Modified: Jul. 30, 2025

  • 9.0

    HIGH
    CVE-2025-3802

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer ov... Read more

    Affected Products : i24_firmware i24 w12_firmware w12
    • Published: Apr. 19, 2025
    • Modified: Jul. 30, 2025

  • 9.0

    HIGH
    CVE-2025-3803

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buf... Read more

    Affected Products : i24_firmware i24 w12_firmware w12
    • Published: Apr. 19, 2025
    • Modified: Jul. 30, 2025

  • 9.0

    HIGH
    CVE-2025-4007

    A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json lead... Read more

    Affected Products : i24_firmware i24 w12_firmware w12
    • Published: Apr. 28, 2025
    • Modified: Jul. 30, 2025

  • 7.1

    HIGH
    CVE-2024-4254

    The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of ... Read more

    Affected Products : gradio video
    • Published: Jun. 04, 2024
    • Modified: Jul. 30, 2025

  • 5.3

    MEDIUM
    CVE-2024-36473

    Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges.... Read more

    Affected Products : vpn_proxy_one
    • Published: Jun. 10, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-8179

    A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/changeimage.php. The manipulation of the argument editid leads... Read more

    • Published: Jul. 26, 2025
    • Modified: Jul. 30, 2025

  • 6.3

    MEDIUM
    CVE-2025-47943

    Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the... Read more

    Affected Products : gogs
    • Published: Jun. 24, 2025
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2025-24196

    A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user privileges may be able to read kernel memory.... Read more

    Affected Products : macos
    • Published: Mar. 31, 2025
    • Modified: Jul. 30, 2025

  • 6.8

    MEDIUM
    CVE-2025-0140

    An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit ... Read more

    Affected Products : globalprotect_app
    • Published: Jul. 09, 2025
    • Modified: Jul. 30, 2025
Showing 20 of 291014 Results