Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2025-6712

    MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes...

    Affected Products : mongodb
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service
  • 9.5

    CRITICAL
    CVE-2025-5333

    Remote attackers can execute arbitrary code in the context of the vulnerable service process....

    Affected Products :
    • Published: Jul. 06, 2025
    • Modified: Jul. 08, 2025
  • 8.1

    HIGH
    CVE-2025-53536

    Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ...

    Affected Products : roo_code
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration
  • 6.3

    MEDIUM
    CVE-2025-53376

    Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getCont...

    Affected Products : dokploy
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 8.9

    HIGH
    CVE-2025-53373

    Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-53478

    The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension:...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.9

    MEDIUM
    CVE-2025-53539

    FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex pattern...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service
  • 7.3

    HIGH
    CVE-2025-53473

    Server-side request forgery (SSRF) vulnerability exists in multiple versions of Nimesa Backup and Recovery. If this vulnerability is exploited, unintended requests may be sent to internal servers....

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Server-Side Request Forgery
  • 4.2

    MEDIUM
    CVE-2025-53543

    Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability is fixed in 0.22.0....

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.7

    HIGH
    CVE-2025-53540

    arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpo...

    Affected Products : arduino-esp32
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.3

    MEDIUM
    CVE-2025-53532

    giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is pr...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-53497

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RelatedArticles Extension allows Stored XSS. This issue affects Mediawiki - RelatedArticles Extension: from 1.43.X...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-53491

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - FlaggedRevs Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - FlaggedRevs Extension: fro...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-7057

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Quiz Extension allows Stored XSS. This issue affects Mediawiki - Quiz Extension: from 1.39.X before 1.39.13, from ...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-53487

    The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.9

    MEDIUM
    CVE-2025-53375

    Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated attacker can read any file that the Traefik process user can access (e.g., /etc/passwd, application sourc...

    Affected Products : dokploy
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 1.3

    LOW
    CVE-2025-53374

    Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about other users in the same organiza...

    Affected Products : dokploy
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 4.4

    MEDIUM
    CVE-2025-6711

    An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 versions pri...

    Affected Products : mongodb
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 5.4

    MEDIUM
    CVE-2025-53486

    The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafte...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.3

    MEDIUM
    CVE-2025-7056

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - UrlShortener Extension allows Stored XSS. This issue affects Mediawiki - UrlShortener Extension: from 1.42.X befor...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293612 Results