Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-34097

    An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives. An attacker with administrative privileges can upload a malicious .tar plugin file containing arbitrary PHP code... Read more

    Affected Products : processmaker
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-34100

    An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upl... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-45662

    A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-48496

    Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-53471

    Emerson ValveLink products receive input or data, but it do not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-5241

    Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain period by repeatedly attempting to login with incorrect pas... Read more

    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-53864

    Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the... Read more

    Affected Products : nimbus_jose\+jwt
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-7401

    The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and i... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 9.0

    CRITICAL
    CVE-2025-30023

    The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.... Read more

    Affected Products : device_manager
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-30024

    The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.... Read more

    Affected Products : device_manager
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cryptography

  • 4.8

    MEDIUM
    CVE-2025-30025

    The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.... Read more

    Affected Products : device_manager
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-5028

    Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 2.3

    LOW
    CVE-2025-5992

    When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-6716

    The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'upload[1][title]' paramete... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-4593

    The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it possible for authenticated attackers, with Contributor-... Read more

    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 4.1

    MEDIUM
    CVE-2025-6838

    The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above,... Read more

    Affected Products : broken_link_notifier
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.5

    CRITICAL
    CVE-2025-50121

    A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. H... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 8.9

    HIGH
    CVE-2025-50122

    A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2025-6788

    A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-52952

    An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the d... Read more

    Affected Products : junos
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291638 Results