Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2014-125124

    An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p paramet... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-54832

    OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-8213

    The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' and 'nscan_quarantine_select' functions in all versions up to, and including, 3.2... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-8192

    There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window betwee... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Race Condition

  • 4.9

    MEDIUM
    CVE-2025-6348

    The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the ‘sliderid’ parameter in all versions up to, and including, 3.5.1.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on... Read more

    Affected Products : smart_slider_3
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-5720

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author’ parameter in all versions up to, and including, 5.80.2 due to insufficient input sanitization and output escaping. This makes it possib... Read more

    Affected Products : customer_reviews_for_woocommerce
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-54589

    Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value d... Read more

    Affected Products : copyparty copyparty
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-54573

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email a... Read more

    Affected Products : computer_vision_annotation_tool
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-54575

    ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite... Read more

    Affected Products : imagesharp
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-54581

    vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-54433

    Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without validation. A special... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-53558

    ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-50475

    An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter in network configuration requests. This vuln... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-4425

    The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/ho... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025

  • 7.2

    HIGH
    CVE-2025-41688

    A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.... Read more

    Affected Products : mbnet_hw1_firmware mbnet_firmware
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-43018

    Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-40980

    A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products/<PRODUCT_ID>/edit’, affecting to ‘name’ parameter via POST. The vulnerab... Read more

    Affected Products : ultimatepos
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-38498

    In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change ali... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-30480

    Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.... Read more

    Affected Products : powerprotect_data_manager
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-26332

    TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information ex... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293261 Results