Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-49544

    ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerab... Read more

    Affected Products : coldfusion
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: XML External Entity

  • 4.3

    MEDIUM
    CVE-2025-49543

    ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may... Read more

    Affected Products : coldfusion
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.2

    MEDIUM
    CVE-2025-49542

    ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript c... Read more

    Affected Products : coldfusion
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-49541

    ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may... Read more

    Affected Products : coldfusion
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-49540

    ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may... Read more

    Affected Products : coldfusion
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.5

    MEDIUM
    CVE-2025-49539

    ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerab... Read more

    Affected Products : coldfusion
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: XML External Entity

  • 7.9

    HIGH
    CVE-2025-49537

    ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by a high-privileged attacker.... Read more

    Affected Products : coldfusion
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-49535

    ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access ... Read more

    Affected Products : coldfusion
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2025-27690

    Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user acco... Read more

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: Apr. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-27207

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass ... Read more

    Affected Products : commerce commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-29662

    A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access.... Read more

    Affected Products : landchat
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-6904

    A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php. The manipulation of the argument car_name leads to sql injection. The at... Read more

    Affected Products : car_rental_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6903

    A vulnerability was found in code-projects Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The ... Read more

    Affected Products : car_rental_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-53924

    Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring.... Read more

    Affected Products : pycel
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7211

    A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cart_add.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated re... Read more

    Affected Products : lifestyle_store
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-26269

    DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.... Read more

    Affected Products : dragonfly
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2023-49031

    Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a crafted payload to the filename parameter to the OpenLogFi... Read more

    Affected Products : tikit_emarketing
    • Published: Mar. 03, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-25179

    Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.... Read more

    Affected Products : ddk
    • Published: Jun. 02, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-7220

    A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_deductions. The manipulation of the argument ID leads to s... Read more

    Affected Products : payroll_management_system
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-0467

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Apr. 18, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291541 Results