Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-42912

    A cross-site scripting (XSS) vulnerability in META-INF Kft. Email This Issue (Data Center) before 9.13.0-GA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the recipient field of an e-mail message.

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.7

    HIGH
    CVE-2025-53943

    VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users wit...

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization
  • 8.7

    HIGH
    CVE-2025-7357

    LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure
  • 1.3

    LOW
    CVE-2025-53904

    The Scratch Channel is a news website that is under development as of the time of this writing. The file `/api/admin.js` contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of the time of publication.

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-40777

    If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME c...

    Affected Products : bind
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service
  • 8.7

    HIGH
    CVE-2025-34120

    An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint (`index.php/admin/update/sa/backup`), allowing a...

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal
  • 9.3

    CRITICAL
    CVE-2025-34125

    An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to...

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection
  • 8.7

    HIGH
    CVE-2025-34126

    A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending crafted HTTP GET requests to the 'windows/code.php' script...

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal
  • 8.7

    HIGH
    CVE-2025-34129

    A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the...

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2025-34132

    A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allo...

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection
  • 5.1

    MEDIUM
    CVE-2025-7728

    A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remot...

    Affected Products : scada-lts
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.7

    HIGH
    CVE-2025-7735

    The Hospital Information System developed by UNIMAX has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection
  • 8.5

    HIGH
    CVE-2025-5344

    Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings...

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2025-5345

    Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary f...

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2025-53941

    Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.7

    MEDIUM
    CVE-2025-54066

    DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login pag...

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication
  • 6.9

    MEDIUM
    CVE-2025-54070

    OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the `lastIndexOf(bytes,byte,uint256)` function of the `Bytes.sol` library may access uninitialized memory when the following t...

    Affected Products : openzeppelin_contracts
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-7472

    A local privilege escalation vulnerability in the Intercept X for Windows installer prior to version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM.

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2025-1700

    A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software.

    Affected Products : software_fix
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Misconfiguration
  • 7.1

    HIGH
    CVE-2025-23270

    NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code executio...

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure