Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-53621

    DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity (XXE) injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not... Read more

    Affected Products : dspace
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: XML External Entity

  • 7.1

    HIGH
    CVE-2025-50819

    Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) when parsing the the topic.yml file in the generation logic in daily_arxiv.py.... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-41237

    VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-41238

    VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this i... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-41236

    VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue ... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-3792

    A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be i... Read more

    Affected Products : seacms
    • Published: Apr. 18, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-3797

    A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. ... Read more

    Affected Products : seacms
    • Published: Apr. 19, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-10116

    The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more

    Affected Products : twitter_follow_button
    • Published: Nov. 23, 2024
    • Modified: Jul. 15, 2025

  • 7.2

    HIGH
    CVE-2025-3798

    A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upload. The... Read more

    Affected Products : wcms
    • Published: Apr. 19, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-3799

    A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch ... Read more

    Affected Products : wcms
    • Published: Apr. 19, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3800

    A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sql injection. The... Read more

    Affected Products : wcms
    • Published: Apr. 19, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-56325

    Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"co... Read more

    Affected Products : pinot
    • Published: Apr. 01, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2023-40714

    A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements... Read more

    Affected Products : fortisiem
    • Published: Apr. 02, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2024-56475

    IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential... Read more

    • Published: Apr. 02, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-0154

    IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.... Read more

    • Published: Apr. 02, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-56476

    IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy.... Read more

    • Published: Apr. 02, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-6151

    A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnera... Read more

    Affected Products : tl-wr940n_firmware tl-wr940n
    • Published: Jun. 17, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-30677

    Apache Pulsar contains multiple connectors for integrating with Apache Kafka. The Pulsar IO Apache Kafka Source Connector, Sink Connector, and Kafka Connect Adaptor Sink Connector log sensitive configuration properties in plain text in application logs. ... Read more

    Affected Products : pulsar
    • Published: Apr. 09, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-31672

    Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names ... Read more

    Affected Products : active_iq_unified_manager poi
    • Published: Apr. 09, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2019-16149

    An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulne... Read more

    Affected Products : forticlientems
    • Published: Mar. 28, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
Showing 20 of 291401 Results