Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2025-5937

    The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ...

    Affected Products : micropayments
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.8

    HIGH
    CVE-2025-6818

    A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The expl...

    Affected Products : hdf5
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-32897

    Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata (incu...

    Affected Products : seata
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
  • 9.0

    HIGH
    CVE-2025-6825

    A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of ...

    Affected Products : a702r_firmware a702r
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-52898

    Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self hosted instances confi...

    Affected Products : frappe
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-6829

    A vulnerability was found in aaluoxiang oa_system up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads to sql injection...

    Affected Products : oa_system
    • Published: Jun. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2025-6462

    The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SQLREPORT shortcode in all versions up to, and including, 5.25.11 due to insufficient input sanitization and output escapi...

    • Published: Jun. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-6850

    A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /forum1.php. The manipulation of the argument File leads to sql injection. The attack can b...

    Affected Products : simple_forum
    • Published: Jun. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-6856

    A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed...

    Affected Products : hdf5
    • Published: Jun. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-6857

    A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attac...

    Affected Products : hdf5
    • Published: Jun. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-6858

    A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locall...

    Affected Products : hdf5
    • Published: Jun. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-6859

    A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/pro_sale.php. The manipulation of the argument fromdate/todate leads to sql injection. It is ...

    Affected Products : best_salon_management_system
    • Published: Jun. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-6867

    A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injection. The attack ma...

    Affected Products : simple_company_website
    • Published: Jun. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-6868

    A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of the argument ID leads to sql injection. It is possible t...

    Affected Products : simple_company_website
    • Published: Jun. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-4380

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsa_template' parameter of the `bsa_preview_callback` function. This makes it p...

    Affected Products : ads_pro
    • Published: Jul. 02, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2025-4381

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’ variable of the getSpace() function in all versions up to, and including, 4.89 due to insufficient escaping on the user supp...

    Affected Products : ads_pro
    • Published: Jul. 02, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 6.8

    MEDIUM
    CVE-2025-32876

    An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In BLE Legacy Pairing, the Short-Term Key (STK) can be easily ...

    Affected Products : coros_pace_3_firmware coros_pace_3
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cryptography
  • 9.8

    CRITICAL
    CVE-2025-32877

    An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which th...

    Affected Products : coros_pace_3_firmware coros_pace_3
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-32878

    An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about...

    Affected Products : coros_pace_3_firmware coros_pace_3
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-32879

    An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE s...

    Affected Products : coros_pace_3_firmware coros_pace_3
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication