Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-34511

    Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server u... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-34509

    Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote at... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-20279

    A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative crede... Read more

    Affected Products : unified_contact_center_express
    • Published: Jun. 04, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-20277

    A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials... Read more

    Affected Products : unified_contact_center_express
    • Published: Jun. 04, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-20276

    A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credential... Read more

    Affected Products : unified_contact_center_express
    • Published: Jun. 04, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-20275

    A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.  This vulnerability is due to insecure deserializatio... Read more

    Affected Products : unified_contact_center_express
    • Published: Jun. 04, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-7786

    A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popin_update/qa/ of the component Post Reply Handler. The manipulation leads to cross site ... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-6185

    Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting vulnerability, allowing an attacker to craft a malicious payload in URL parameters, which would execute in a client browser when accessed by a user, steal session t... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-50056

    A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter.... Read more

    Affected Products : rsmail\!
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-50058

    A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-7772

    The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes ... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025

  • 6.6

    MEDIUM
    CVE-2025-53888

    RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds.... Read more

    Affected Products : riot
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-45157

    Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-6718

    The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.56. This makes it possible for authenticated attackers, with Subscriber-level access ... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 2.2

    LOW
    CVE-2025-6227

    Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite ... Read more

    Affected Products : mattermost_server
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-6226

    Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have acc... Read more

    Affected Products : mattermost_server
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-6023

    An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fix... Read more

    Affected Products : grafana
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-7797

    A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null poi... Read more

    Affected Products : gpac
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2025-6233

    Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal.... Read more

    Affected Products : mattermost_server
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal

  • 4.2

    MEDIUM
    CVE-2025-6197

    An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the o... Read more

    Affected Products : grafana
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291812 Results