Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-54126

    The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address th... Read more

    Affected Products : webassembly_micro_runtime
    • Published: Jul. 29, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-54576

    OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when usin... Read more

    Affected Products : oauth2_proxy
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-8323

    The e-School from Ventem has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-54834

    OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2014-125121

    Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The ... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2013-10036

    A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overw... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-54575

    ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite... Read more

    Affected Products : imagesharp
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-54573

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email a... Read more

    Affected Products : computer_vision_annotation_tool
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 7.0

    HIGH
    CVE-2025-0712

    An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this fla... Read more

    Affected Products : apm_server
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-4421

    The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/ho... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-54425

    Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also ... Read more

    Affected Products : umbraco_cms
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-7847

    The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level a... Read more

    Affected Products : ai_engine ai_engine
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2013-10039

    A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentica... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2025-4426

    The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/ho... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-8322

    The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts. They can even escalate any account to system admi... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 6.0

    MEDIUM
    CVE-2025-4424

    The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/ho... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025

  • 7.2

    HIGH
    CVE-2025-54433

    Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without validation. A special... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-36611

    Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privil... Read more

    Affected Products : encryption
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-30480

    Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.... Read more

    Affected Products : powerprotect_data_manager
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-54581

    vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291275 Results