Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-42963

    A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attack... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-41668

    A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-42956

    SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by t... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2023-52236

    A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M969 (All versions... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cryptography

  • 6.9

    MEDIUM
    CVE-2025-53545

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fi... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-50130

    A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. Opening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary code execution.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-40721

    Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_factura parameter... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-40718

    Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-40716

    SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-41224

    A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS4... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 6.0

    MEDIUM
    CVE-2025-40742

    A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) V9.6 (All versions), SIPROT... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-20998

    Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 6.2

    MEDIUM
    CVE-2025-20997

    Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-41667

    A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-41666

    A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-7156

    A vulnerability has been found in hitsz-ids airda 0.0.3 and classified as critical. This vulnerability affects the function execute of the file /v1/chat/completions. The manipulation of the argument question leads to sql injection. The attack can be initi... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-7146

    The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system file.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-42985

    Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, re... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-42980

    SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-42974

    Due to missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could enable access to information normally restricted, resulting in low impact on confidentiality. There is no im... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization
Showing 20 of 293611 Results