Latest CVE Feed
- CVE-2025-34140 (8.7, HIGH)
  An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resou...
  - Affected Products:
  - Published: Jul. 22, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Authorization
- CVE-2025-51859 (6.5, MEDIUM)
  Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk through 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt instructs the underlying Large Language Mo...
  - Affected Products:
  - Published: Jul. 22, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-6018 (7.8, HIGH)
  A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileg...
  - Affected Products:
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Authorization
- CVE-2025-53538 (7.5, HIGH)
  Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncon...
  - Affected Products: suricata
  - Published: Jul. 22, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Denial of Service
- CVE-2025-4411 (6.5, MEDIUM)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dataprom Informatics PACS-ACSS allows Cross-Site Scripting (XSS). This issue affects PACS-ACSS: before 16.05.2025....
  - Affected Products:
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-8020 (8.8, HIGH)
  All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the...
  - Affected Products: private-ip
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Server-Side Request Forgery
- CVE-2025-8058 (5.9, MEDIUM)
  The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. Th...
  - Affected Products: glibc
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-7722 (8.8, HIGH)
  The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user...
  - Affected Products:
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Authorization
- CVE-2025-6523 (7.7, HIGH)
  Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue af...
  - Affected Products: devolutions_server
  - Published: Jul. 22, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Authentication
- CVE-2025-6215 (5.3, MEDIUM)
  The Omnishop plugin for WordPress is vulnerable to Unauthenticated Registration Bypass in all versions up to, and including, 1.0.9. Its /users/register endpoint is exposed to the public (permission_callback always returns true) and invokes wp_create_user(...
  - Affected Products:
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Authentication
- CVE-2025-6190 (8.8, HIGH)
  The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile() AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key and value pairs fro...
  - Affected Products:
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Authorization
- CVE-2025-5818 (5.5, MEDIUM)
  The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.4 via the fip_get_image_options() function. This makes it possible for authenticated atta...
  - Affected Products: featured_image_plus
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Server-Side Request Forgery
- CVE-2025-54365 (7.8, HIGH)
  fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of str...
  - Affected Products:
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Misconfiguration
- CVE-2025-54296 (7.0, HIGH)
  A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered....
  - Affected Products:
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-54297 (7.0, HIGH)
  A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered....
  - Affected Products:
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-54120 (9.3, CRITICAL)
  PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file...
  - Affected Products:
  - Published: Jul. 23, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Information Disclosure
- CVE-2025-7437 (9.8, CRITICAL)
  The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to up...
  - Affected Products: ebook_store
  - Published: Jul. 24, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Misconfiguration
- CVE-2025-4968 (6.4, MEDIUM)
  The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements (Copyright Element, Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action, Pro...
  - Affected Products: page_builder
  - Published: Jul. 24, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-4395 (6.8, MEDIUM)
  Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access and modify system functionality. This issue affects MyCareLink Patient Monitor model...
  - Affected Products:
  - Published: Jul. 24, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Authentication
- CVE-2025-4394 (6.8, MEDIUM)
  Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025...
  - Affected Products:
  - Published: Jul. 24, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Cryptography