Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-30125

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters.... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-30124

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch t... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2016-15046

    A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attack... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2024-20350

    A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key.... Read more

    Affected Products : dna_center catalyst_center
    • Published: Sep. 25, 2024
    • Modified: Jul. 30, 2025

  • 5.1

    MEDIUM
    CVE-2024-5385

    A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with... Read more

    Affected Products : online_car_wash_booking_system
    • Published: May. 27, 2024
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2025-7546

    A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the... Read more

    Affected Products : binutils
    • Published: Jul. 13, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-7545

    A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement.... Read more

    Affected Products : binutils
    • Published: Jul. 13, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5778

    A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /admin. The manipulation of the argument Username leads to sql injection. It is possible to launch... Read more

    Affected Products : abc_courier_management_system
    • Published: Jun. 06, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7755

    A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestricted upload. The ... Read more

    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2024-7259

    A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.... Read more

    Affected Products : virtualization ovirt-engine
    • Published: Sep. 26, 2024
    • Modified: Jul. 30, 2025

  • 5.3

    MEDIUM
    CVE-2025-7756

    A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclo... Read more

    Affected Products : e-commerce_site
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-7757

    A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of the argument editid leads to sql injection. The attack ca... Read more

    Affected Products : land_record_system
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-7948

    A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remot... Read more

    Affected Products : jsherp
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-7947

    A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the component Account Handler. The manipulation of the argument ID leads to improper authorization. It is possible to la... Read more

    Affected Products : jsherp
    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2024-9855

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the compone... Read more

    • Published: Oct. 11, 2024
    • Modified: Jul. 30, 2025

  • 5.1

    MEDIUM
    CVE-2024-9856

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright l... Read more

    • Published: Oct. 11, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-8755

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.... Read more

    Affected Products : loadmaster loadmaster
    • Published: Oct. 11, 2024
    • Modified: Jul. 30, 2025

  • 8.9

    HIGH
    CVE-2024-8912

    An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerab... Read more

    Affected Products : looker cloud_looker
    • Published: Oct. 11, 2024
    • Modified: Jul. 30, 2025

  • 7.2

    HIGH
    CVE-2024-9903

    A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possi... Read more

    • Published: Oct. 12, 2024
    • Modified: Jul. 30, 2025

  • 7.5

    HIGH
    CVE-2025-4948

    A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart me... Read more

    • Published: May. 19, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292862 Results