Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-2550

    A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access... Read more

    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-2551

    A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been classified as problematic. This affects an unknown part of the file /goform/formSetPortTr. The manipulation leads to improper access controls. Access to the local network is r... Read more

    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-2552

    A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/formTcpipSetup. The manipulation leads to improper access controls. Access to the local ne... Read more

    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-2553

    A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been rated as problematic. This issue affects some unknown processing of the file /goform/formVirtualServ. The manipulation leads to improper access controls. The attack needs to b... Read more

    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2025-30474

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is t... Read more

    Affected Products : commons_vfs
    • Published: Mar. 23, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-12775

    langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST /console/api/workspaces/current/tool-provider/api/test/pre`. Attackers can set th... Read more

    Affected Products : dify dify
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.7

    MEDIUM
    CVE-2025-20983

    Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-21000

    Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth.... Read more

    Affected Products : android
    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 4.1

    MEDIUM
    CVE-2025-20999

    Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password.... Read more

    Affected Products : android
    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-20982

    Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-21001

    Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast.... Read more

    Affected Products : android
    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-27446

    Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-... Read more

    Affected Products : apisix
    • Published: Jul. 06, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-6675

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 ... Read more

    Affected Products : miniorange_2fa
    • Published: Jun. 26, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2024-53679

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a... Read more

    Affected Products : vcl
    • Published: Mar. 25, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-53678

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned b... Read more

    Affected Products : vcl
    • Published: Mar. 25, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-27165

    Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-27367

    IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-49784

    IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server fi... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2024-49783

    IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2024-12580

    A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and file_id in the /code/download/:sessionId/:fileId and /download/:userId/:file_id APIs are not validated or filter... Read more

    Affected Products : librechat
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection
Showing 20 of 291616 Results