Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2025-52988

    An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root. When ... Read more

    Affected Products : junos junos_os_evolved
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-7518

    The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read... Read more

    Affected Products : rsfirewall\!
    • Published: Jul. 12, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-7503

    An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web i... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2025-53378

    A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only... Read more

    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-53625

    The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hi... Read more

    Affected Products : dynamicpagelist3
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-2520

    The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a derefere... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-34093

    An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system c... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-34097

    An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives. An attacker with administrative privileges can upload a malicious .tar plugin file containing arbitrary PHP code... Read more

    Affected Products : processmaker
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-34100

    An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upl... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-45662

    A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-48496

    Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-53471

    Emerson ValveLink products receive input or data, but it do not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-5241

    Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain period by repeatedly attempting to login with incorrect pas... Read more

    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-53864

    Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the... Read more

    Affected Products : nimbus_jose\+jwt
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-7401

    The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and i... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 9.0

    CRITICAL
    CVE-2025-30023

    The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.... Read more

    Affected Products : device_manager
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-30024

    The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.... Read more

    Affected Products : device_manager
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cryptography

  • 4.8

    MEDIUM
    CVE-2025-30025

    The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.... Read more

    Affected Products : device_manager
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-5028

    Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 2.3

    LOW
    CVE-2025-5992

    When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291589 Results