Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-49656

    Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.... Read more

    Affected Products : jena
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-53689

    Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.... Read more

    Affected Products : jackrabbit
    • Published: Jul. 14, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2025-4496

    A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipula... Read more

    • Published: May. 10, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-50151

    File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration u... Read more

    Affected Products : jena
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-8264

    Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows th... Read more

    Affected Products :
    • Published: Jul. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-6505

    Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client ... Read more

    Affected Products :
    • Published: Jul. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-6504

    In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.  Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a wh... Read more

    Affected Products :
    • Published: Jul. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-54769

    An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execu... Read more

    Affected Products : lpar2rrd
    • Published: Jul. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-54768

    An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive informa... Read more

    Affected Products : lpar2rrd
    • Published: Jul. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-54767

    An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.... Read more

    Affected Products : lpar2rrd
    • Published: Jul. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-54766

    An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.... Read more

    Affected Products :
    • Published: Jul. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-54765

    An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the co... Read more

    Affected Products :
    • Published: Jul. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2014-125116

    A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the applicatio... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2014-125114

    A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-8097

    The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation of the qty parameter in the woodmart_update_cart_item function. This makes it possible for unau... Read more

    Affected Products : woodmart
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-34139

    A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topo... Read more

    Affected Products : managed_cloud
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-8103

    The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handle_feedback_submission() function. This makes it possible for u... Read more

    Affected Products : wpematico_rss_feed_fetcher
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-54416

    tj-actions/branch-names is a Github actions repository that contains workflows to retrieve branch or tag names with support for all events. In versions 8.2.1 and below, a critical vulnerability has been identified in the tj-actions/branch-names' GitHub Ac... Read more

    Affected Products : branch-names
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-8175

    A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference.... Read more

    Affected Products :
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-50184

    DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that list... Read more

    Affected Products :
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal
Showing 20 of 292803 Results