Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2024-53285

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read o... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 09, 2024
    • Modified: Aug. 04, 2025

  • 3.3

    LOW
    CVE-2011-4116

    _is_safe in the File::Temp module for Perl does not properly handle symlinks.... Read more

    Affected Products : file\
    • EPSS Score: %0.16
    • Published: Jan. 31, 2020
    • Modified: Aug. 04, 2025

  • 8.8

    HIGH
    CVE-2024-27756

    GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title.... Read more

    Affected Products : glpi
    • Published: Mar. 15, 2024
    • Modified: Aug. 04, 2025

  • 5.4

    MEDIUM
    CVE-2025-53357

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can a... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-53113

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use t... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-53112

    GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific ... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-53111

    GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-53008

    GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a ma... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-52897

    GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19.... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 5.0

    MEDIUM
    CVE-2025-52567

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploi... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-27514

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project... Read more

    Affected Products : glpi
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-20181

    A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute pe... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-20298

    In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by d... Read more

    Affected Products : windows universal_forwarder
    • Published: Jun. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-52997

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication proce... Read more

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-52996

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in po... Read more

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-52901

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as... Read more

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-32711

    Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : 365_copilot
    • Published: Jun. 11, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-38002

    IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.... Read more

    Affected Products : storage_scale
    • Published: Apr. 30, 2024
    • Modified: Aug. 04, 2025

  • 6.7

    MEDIUM
    CVE-2024-20456

    A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, ... Read more

    Affected Products : ios_xr 8201 8202 8101-32fh 8102-64h 8201-32fh 8804 8808 8812 8818 +49 more products
    • Published: Jul. 10, 2024
    • Modified: Aug. 04, 2025

  • 6.9

    MEDIUM
    CVE-2025-54422

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passw... Read more

    Affected Products : sandboxie sandboxie
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291384 Results