Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-3466

    langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as pa...

    Affected Products : dify dify
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2025-24069

    Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally....

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
  • 6.1

    MEDIUM
    CVE-2025-53377

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious s...

    Affected Products : wegia
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.0

    HIGH
    CVE-2025-26646

    External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network....

    • Published: May. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Path Traversal
  • 7.3

    HIGH
    CVE-2025-29803

    Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally....

    • Published: Apr. 12, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
  • 6.2

    MEDIUM
    CVE-2025-29819

    External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally....

    Affected Products : windows_admin_center
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Path Traversal
  • 7.8

    HIGH
    CVE-2025-29812

    Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally....

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-29811

    Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally....

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-29331

    An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates...

    Affected Products : 3x-ui
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration
  • 7.1

    HIGH
    CVE-2025-29809

    Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally....

    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration
  • 6.1

    MEDIUM
    CVE-2025-4966

    The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenti...

    Affected Products : wp_online_users_stats
    • Published: Jun. 06, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.9

    MEDIUM
    CVE-2025-4964

    The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat...

    Affected Products : wp_online_users_stats
    • Published: Jun. 06, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2025-5341

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'data-size' parameters in all versions up to, and including, 1.44.1 due to insufficient input saniti...

    Affected Products : forminator forminator_forms
    • Published: Jun. 05, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-21171

    .NET Remote Code Execution Vulnerability...

    • Published: Jan. 14, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2025-29808

    Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally....

    Affected Products : windows_server_2022
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cryptography
  • 7.5

    HIGH
    CVE-2025-29805

    Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network....

    Affected Products : outlook
    • Published: Apr. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2025-30399

    Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network....

    • Published: Jun. 13, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration
  • 8.0

    HIGH
    CVE-2025-52995

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more ...

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
  • 6.4

    MEDIUM
    CVE-2025-5539

    The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization an...

    Affected Products : wp_easy_contact
    • Published: Jun. 04, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.9

    MEDIUM
    CVE-2025-5103

    The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied par...

    • Published: Jun. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection
Showing 20 of 291739 Results