Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-54127

    HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does... Read more

    Affected Products : haxcms-php haxcms-nodejs
    • Published: Jul. 21, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-26156

    All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and ref... Read more

    Affected Products : remote_access_server_firmware
    • Published: Jan. 17, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    HIGH
    CVE-2021-27084

    Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability... Read more

    Affected Products : visual_studio_code maven_for_java
    • Published: Mar. 11, 2021
    • Modified: Jul. 30, 2025

  • 8.4

    HIGH
    CVE-2024-6658

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0 (inclusive)    From 7.2.49... Read more

    • Published: Sep. 12, 2024
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2024-5998

    A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest versi... Read more

    Affected Products : langchain
    • Published: Sep. 17, 2024
    • Modified: Jul. 30, 2025

  • 8.4

    HIGH
    CVE-2025-54317

    An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE).... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-54316

    An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, ma... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-30133

    An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP server lacks this restriction. Once connected to the dashcam... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-30126

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording, delete recordings, or even disable battery protection to cause a flat battery to... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-30125

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters.... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-30124

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch t... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2016-15046

    A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attack... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2024-20350

    A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key.... Read more

    Affected Products : dna_center catalyst_center
    • Published: Sep. 25, 2024
    • Modified: Jul. 30, 2025

  • 5.1

    MEDIUM
    CVE-2024-5385

    A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with... Read more

    Affected Products : online_car_wash_booking_system
    • Published: May. 27, 2024
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2025-7546

    A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the... Read more

    Affected Products : binutils
    • Published: Jul. 13, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-7545

    A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement.... Read more

    Affected Products : binutils
    • Published: Jul. 13, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5778

    A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /admin. The manipulation of the argument Username leads to sql injection. It is possible to launch... Read more

    Affected Products : abc_courier_management_system
    • Published: Jun. 06, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7755

    A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestricted upload. The ... Read more

    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2024-7259

    A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.... Read more

    Affected Products : virtualization ovirt-engine
    • Published: Sep. 26, 2024
    • Modified: Jul. 30, 2025

  • 5.3

    MEDIUM
    CVE-2025-7756

    A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclo... Read more

    Affected Products : e-commerce_site
    • Published: Jul. 17, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293352 Results