Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-54428

    RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded username and password was accidentally committed to the pu... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-54426

    Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of retu... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cryptography

  • 10.0

    CRITICAL
    CVE-2025-54419

    A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an at... Read more

    Affected Products : node_saml
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2025-54299

    A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-54298

    A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-7676

    DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to lo... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2025-53695

    OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.... Read more

    Affected Products : istar_ultra_firmware
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26469

    An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An ... Read more

    Affected Products : pacs_server
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-27724

    A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability.... Read more

    Affected Products : pacs_server
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 4.5

    MEDIUM
    CVE-2025-54569

    In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation.... Read more

    Affected Products : binisoft_windows_firewall_control
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-5997

    Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse.This issue affects PhishPro: before 7.5.4.2.... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-6918

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection.This issue affects Virtual PBX Software: before 09.07.2025.... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-8265

    A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to unrestricted upload. It is possible to initiate the atta... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-27802

    The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (t... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-8223

    A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown part of the file AdminTypeCustController.java. The manipulation leads to cross-s... Read more

    Affected Products :
    • Published: Jul. 27, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-8222

    A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this issue is some unknown functionality of the file GoodsController.java. The manipula... Read more

    Affected Products :
    • Published: Jul. 27, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-8104

    The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin() function. This makes it possible for unauthenticated att... Read more

    Affected Products : wp-memory
    • Published: Jul. 27, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.1

    MEDIUM
    CVE-2023-53158

    The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more diffic... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-38493

    In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix crash in timerlat_dump_stack() We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overf... Read more

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2025-43023

    A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cryptography
Showing 20 of 292802 Results