Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-7657

    Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-1392

    A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Feb. 17, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-25282

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list... Read more

    Affected Products : ragflow
    • Published: Feb. 21, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-53889

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the it... Read more

    Affected Products : directus
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-53887

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed... Read more

    Affected Products : directus
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Information Disclosure

  • 4.5

    MEDIUM
    CVE-2025-53886

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive... Read more

    Affected Products : directus
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Information Disclosure

  • 4.2

    MEDIUM
    CVE-2025-53885

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the ... Read more

    Affected Products : directus
    • Published: Jul. 15, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-24294

    The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed ... Read more

    Affected Products :
    • Published: Jul. 12, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-6554

    Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)... Read more

    • Actively Exploited
    • Published: Jun. 30, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1819

    A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch t... Read more

    Affected Products : ac7_firmware ac7
    • Published: Mar. 02, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-51476

    IBM Concert Software 1.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.... Read more

    Affected Products : linux_kernel concert concert_software
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2024-37358

    Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version... Read more

    Affected Products : james james_server
    • Published: Feb. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-7357

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injecti... Read more

    Affected Products : dir-600_firmware dir-600
    • Published: Aug. 01, 2024
    • Modified: Jul. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-46946

    langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9b... Read more

    • Published: Sep. 19, 2024
    • Modified: Jul. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-23106

    An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HT... Read more

    Affected Products : forticlientems
    • Published: Jan. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-0909

    The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on... Read more

    • EPSS Score: %0.63
    • Published: Feb. 03, 2024
    • Modified: Jul. 16, 2025

  • 7.5

    HIGH
    CVE-2024-46667

    A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connect... Read more

    Affected Products : fortisiem
    • Published: Jan. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2017-18524

    The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.... Read more

    Affected Products : football_pool football_pool
    • EPSS Score: %0.21
    • Published: Aug. 20, 2019
    • Modified: Jul. 16, 2025

  • 9.0

    CRITICAL
    CVE-2024-47572

    An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file... Read more

    Affected Products : fortisoar
    • Published: Jan. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2021-26700

    Visual Studio Code npm-script Extension Remote Code Execution Vulnerability... Read more

    • EPSS Score: %12.92
    • Published: Feb. 25, 2021
    • Modified: Jul. 16, 2025
Showing 20 of 291562 Results