Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-54448

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-54447

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-54446

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-5835

    The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attacker... Read more

    Affected Products : droip
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-5831

    The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Sub... Read more

    Affected Products : droip
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-3614

    The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escapin... Read more

    Affected Products : elementskit_elementor_addons
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-8115

    A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument regi... Read more

    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2021-41561

    Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.... Read more

    Affected Products : parquet-mr parquet parquet_java
    • EPSS Score: %0.41
    • Published: Dec. 20, 2021
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-3574

    In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Au... Read more

    Affected Products : scrapy
    • Published: Apr. 16, 2024
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-3572

    The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access... Read more

    Affected Products : scrapy
    • Published: Apr. 16, 2024
    • Modified: Jul. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-4784

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection.This issue affects Tourtella: before 26.05.2025.... Read more

    Affected Products : tourtella
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-45731

    A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending.... Read more

    Affected Products : 2fauth
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Race Condition

  • 4.3

    MEDIUM
    CVE-2025-7001

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resource_group information through the API which should hav... Read more

    Affected Products : gitlab
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-46171

    vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive memory, exhausting system resources and crashing... Read more

    Affected Products : vbulletin
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-54453

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-54452

    Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-54451

    Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-30065

    Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.... Read more

    Affected Products : parquet parquet_java
    • Published: Apr. 01, 2025
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2025-3891

    A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consis... Read more

    • Published: Apr. 29, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-4976

    An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.... Read more

    Affected Products : gitlab
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292425 Results