Latest CVE Feed
-
8.9
HIGH
CVE-2025-53630
llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792...
Affected Products : llama.cpp
- Published: Jul. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.6
HIGH
CVE-2025-53378
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only...
Affected Products : worry-free_business_security_services
- Published: Jul. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
8.2
HIGH
CVE-2025-52948
An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traffic patterns to cause the FPC and system to crash and res...
Affected Products : junos
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Race Condition
-
6.0
MEDIUM
CVE-2025-52958
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices, when r...
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
7.1
HIGH
CVE-2025-52953
An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a ...
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
9.4
CRITICAL
CVE-2025-52579
Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if the programmer does not properly clear the memory befor...
Affected Products :
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Cryptography
-
7.2
HIGH
CVE-2025-50124
A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script....
Affected Products :
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authorization
-
8.9
HIGH
CVE-2025-50122
A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts....
Affected Products :
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Cryptography
-
7.3
HIGH
CVE-2025-43856
immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being checked. The oauth2 state parameter is similar to a csrf tok...
Affected Products :
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
8.2
HIGH
CVE-2025-3947
The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer d...
Affected Products : c200e_firmware
- Published: Jul. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
8.2
HIGH
CVE-2025-52984
A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points ...
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
7.1
HIGH
CVE-2025-52947
An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allows an attacker to crash the Forwarding Engine Board (FEB) by flapping an interface, leadin...
Affected Products : junos
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
8.7
HIGH
CVE-2025-52980
A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a BGP update is received ov...
Affected Products : junos
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUM
CVE-2025-51591
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe....
Affected Products :
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Server-Side Request Forgery
-
7.1
HIGH
CVE-2025-52949
An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to cr...
- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUM
CVE-2025-7462
A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Hand...
Affected Products :
- Published: Jul. 12, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
6.3
MEDIUM
CVE-2025-7464
A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The compl...
Affected Products : gobgp
- Published: Jul. 12, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGH
CVE-2025-1313
The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their d...
Affected Products :
- Published: Jul. 12, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
8.1
HIGH
CVE-2025-1727
The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake contro...
Affected Products :
- Published: Jul. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
7.5
HIGH
CVE-2025-2520
The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a derefere...
Affected Products :
- Published: Jul. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service