Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-33061

    Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-33060

    Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-33059

    Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-33058

    Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-33055

    Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-32720

    Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-32719

    Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-6071

    Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 21062... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cryptography

  • 9.0

    CRITICAL
    CVE-2025-34087

    An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain st... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-34086

    Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, ... Read more

    Affected Products : bolt
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-6073

    Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is expl... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-53490

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - CampaignEvents Extensio... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-6074

    Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to source code and control network, the attacker can bypass the REST interface authenticati... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-6926

    Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before ... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-53369

    Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML i... Read more

    Affected Products : shortdescription
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-34088

    An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools op... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34061

    A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests,... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-6072

    Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-53502

    Improper Input Validation vulnerability in Wikimedia Foundation Mediawiki - FeaturedFeeds Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - FeaturedFeeds Extension: 1.39.X, 1.42.X, 1.43.X.... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-53501

    Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto Extension: from 1.39.X before 1.39.12, from 1... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization
Showing 20 of 293590 Results