Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-4130

    Use of Hard-coded Credentials vulnerability in PAVO Inc. PAVO Pay allows Read Sensitive Constants Within an Executable.This issue affects PAVO Pay: before 13.05.2025.... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-7888

    A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formK... Read more

    Affected Products : tduck-platform
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-41675

    A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.... Read more

    Affected Products : mbnet.mini_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-50583

    StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-7881

    A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument code leads to weak password recovery.... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-41673

    A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.... Read more

    Affected Products : mbnet.mini_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-7354

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user sup... Read more

    Affected Products : shortcodes_ultimate
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-7896

    A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traver... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-7895

    A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argu... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2015-10138

    The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauth... Read more

    Affected Products :
    • Published: Jul. 19, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-7696

    The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verify_field_val() f... Read more

    Affected Products :
    • Published: Jul. 19, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-52169

    agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-7894

    A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py of the component Chat Interf... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-4569

    An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Ad... Read more

    Affected Products : myasus
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-7658

    The Temporarily Hidden Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'temphc-start' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user suppl... Read more

    Affected Products :
    • Published: Jul. 19, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-46385

    CWE-918 Server-Side Request Forgery (SSRF)... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-7906

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argume... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 5.6

    MEDIUM
    CVE-2025-7396

    In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assem... Read more

    Affected Products : wolfssl
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025

  • 7.5

    HIGH
    CVE-2025-27210

    An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API.... Read more

    Affected Products : node.js nodejs
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-27209

    The V8 release used in Node.js v24.0.0 has changed how string hashes are computed using rapidhash. This implementation re-introduces the HashDoS vulnerability as an attacker who can control the strings to be hashed can generate many hash collisions - an a... Read more

    Affected Products : node.js
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292871 Results