Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.6

    HIGH
    CVE-2024-26155

    All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection ...

    Affected Products : remote_access_server_firmware
    • Published: Jan. 17, 2025
    • Modified: Jul. 30, 2025
  • 7.1

    HIGH
    CVE-2025-54134

    HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnera...

    Affected Products : haxcms-php haxcms-nodejs
    • Published: Jul. 21, 2025
    • Modified: Jul. 30, 2025
  • 7.2

    HIGH
    CVE-2025-54128

    HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy (CSP). This configuration is insecure for a production application bec...

    Affected Products : haxcms-php haxcms-nodejs
    • Published: Jul. 21, 2025
    • Modified: Jul. 30, 2025
  • 9.8

    CRITICAL
    CVE-2025-54127

    HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does...

    Affected Products : haxcms-php haxcms-nodejs
    • Published: Jul. 21, 2025
    • Modified: Jul. 30, 2025
  • 6.1

    MEDIUM
    CVE-2024-26156

    All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and ref...

    Affected Products : remote_access_server_firmware
    • Published: Jan. 17, 2025
    • Modified: Jul. 30, 2025
  • 7.8

    HIGH
    CVE-2020-17159

    Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability...

    • EPSS Score: 3.54%
    • Published: Dec. 10, 2020
    • Modified: Jul. 30, 2025
  • 9.3

    HIGH
    CVE-2021-27084

    Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability...

    Affected Products : visual_studio_code maven_for_java
    • EPSS Score: 14.42%
    • Published: Mar. 11, 2021
    • Modified: Jul. 30, 2025
  • 8.4

    HIGH
    CVE-2024-6658

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0 (inclusive) From 7.2.49...

    • Published: Sep. 12, 2024
    • Modified: Jul. 30, 2025
  • 7.8

    HIGH
    CVE-2024-5998

    A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest versi...

    Affected Products : langchain
    • Published: Sep. 17, 2024
    • Modified: Jul. 30, 2025
  • 8.4

    HIGH
    CVE-2025-54317

    An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE)....

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 30, 2025
  • 4.9

    MEDIUM
    CVE-2025-54316

    An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chain built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, ma...

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 30, 2025
  • 9.8

    CRITICAL
    CVE-2025-30133

    An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP server lacks this restriction. Once connected to the dashcam...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
  • 5.3

    MEDIUM
    CVE-2025-30126

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording, delete recordings, or even disable battery protection to cause a flat battery to...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
  • 9.8

    CRITICAL
    CVE-2025-30125

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters....

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
  • 9.8

    CRITICAL
    CVE-2025-30124

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch t...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
  • 8.6

    HIGH
    CVE-2016-15046

    A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attack...

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 30, 2025
  • 8.1

    HIGH
    CVE-2024-20350

    A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key....

    Affected Products : dna_center catalyst_center
    • Published: Sep. 25, 2024
    • Modified: Jul. 30, 2025
  • 5.1

    MEDIUM
    CVE-2024-5385

    A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with...

    Affected Products : online_car_wash_booking_system
    • Published: May. 27, 2024
    • Modified: Jul. 30, 2025
  • 7.8

    HIGH
    CVE-2025-7546

    A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the...

    Affected Products : binutils
    • Published: Jul. 13, 2025
    • Modified: Jul. 30, 2025
  • 7.8

    HIGH
    CVE-2025-7545

    A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement....

    Affected Products : binutils
    • Published: Jul. 13, 2025
    • Modified: Jul. 30, 2025
Showing 20 of 291002 Results