Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-50123

    A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-50125

    A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs and manipulation of host request header.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-7435

    A vulnerability was found in LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4. It has been classified as problematic. This affects an unknown part of the file /site_admin/lhcphpresque/list/ of the component List Handl... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-52950

    A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director ap... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-53503

    Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.... Read more

    Affected Products : cleaner_pro_one
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-52837

    Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and ... Read more

    Affected Products : password_manager
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-52988

    An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root. When ... Read more

    Affected Products : junos junos_os_evolved
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-7518

    The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read... Read more

    Affected Products : rsfirewall\!
    • Published: Jul. 12, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-7503

    An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web i... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2025-53378

    A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only... Read more

    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-53625

    The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hi... Read more

    Affected Products : dynamicpagelist3
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-2520

    The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a derefere... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-34093

    An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system c... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-34097

    An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives. An attacker with administrative privileges can upload a malicious .tar plugin file containing arbitrary PHP code... Read more

    Affected Products : processmaker
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-34100

    An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upl... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-45662

    A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-48496

    Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-53471

    Emerson ValveLink products receive input or data, but it do not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-5241

    Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain period by repeatedly attempting to login with incorrect pas... Read more

    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-53864

    Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the... Read more

    Affected Products : nimbus_jose\+jwt
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291647 Results