Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-41687

    An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-41684

    An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint tls_iotgen_setting).... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-41683

    An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 9.2

    CRITICAL
    CVE-2025-8070

    The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-31700

    A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices ... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-6174

    The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "_stylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privi... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2025-8021

    All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the intended directory.... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-43881

    Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affecte... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-42947

    SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact o... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-6261

    The Fleetwire Fleet Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fleetwire_list shortcode in all versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping on user supp... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-6214

    The Omnishop plugin for WordPress is vulnerable to Cross-Site Request Forgery on its /users/delete REST route in all versions up to, and including, 1.0.9. The route’s permission_callback only verifies that the requester is logged in, but fails to require ... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-6054

    The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauth... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-5753

    The Valuation Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.0

    LOW
    CVE-2025-43488

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the ... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-43487

    A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software upd... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 6.0

    MEDIUM
    CVE-2025-43484

    A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issu... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-43021

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-54140

    pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker ... Read more

    Affected Products : pyload
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-53703

    DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 5.0

    MEDIUM
    CVE-2025-51475

    Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293289 Results