Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-3702

    Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a before 2.2.0.... Read more

    Affected Products : melapress_file_monitor
    • Published: Jul. 03, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-46647

    A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect pr... Read more

    Affected Products : apisix
    • Published: Jul. 02, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-35164

    The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console ... Read more

    Affected Products : guacamole
    • Published: Jul. 02, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2024-41597

    Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.... Read more

    Affected Products : processwire
    • Published: Jul. 19, 2024
    • Modified: Jul. 09, 2025

  • 4.2

    MEDIUM
    CVE-2025-53021

    A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the... Read more

    Affected Products : moodle
    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2019-5418

    There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.... Read more

    • Actively Exploited
    • EPSS Score: %94.34
    • Published: Mar. 27, 2019
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2019-9621

    Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.... Read more

    • Actively Exploited
    • EPSS Score: %91.64
    • Published: Apr. 30, 2019
    • Modified: Jul. 09, 2025

  • 6.5

    MEDIUM
    CVE-2024-23928

    This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists ... Read more

    • Published: Jan. 31, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration

  • 4.1

    MEDIUM
    CVE-2025-48470

    Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, o... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-48469

    Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-48468

    Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-48467

    Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Denial of Service

  • 4.1

    MEDIUM
    CVE-2024-37663

    Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.... Read more

    • Published: Jun. 17, 2024
    • Modified: Jul. 09, 2025

  • 7.2

    HIGH
    CVE-2024-4869

    The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This m... Read more

    Affected Products : wp_cookie_consent
    • Published: Jun. 26, 2024
    • Modified: Jul. 09, 2025

  • 7.2

    HIGH
    CVE-2024-13059

    A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in rem... Read more

    Affected Products : anythingllm
    • Published: Feb. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Path Traversal

  • 5.2

    MEDIUM
    CVE-2024-37664

    Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings ... Read more

    Affected Products : redmi_ax6s_firmware redmi_ax6s
    • Published: Jun. 17, 2024
    • Modified: Jul. 09, 2025

  • 5.4

    MEDIUM
    CVE-2024-57605

    Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.... Read more

    Affected Products : fuel_cms
    • Published: Feb. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-48463

    Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tamp... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cryptography

  • 4.2

    MEDIUM
    CVE-2025-48462

    Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Denial of Service

  • 5.0

    MEDIUM
    CVE-2025-48461

    Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and res... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication
Showing 20 of 291867 Results