Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-32878

    An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about... Read more

    Affected Products : coros_pace_3_firmware coros_pace_3
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-32879

    An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE s... Read more

    Affected Products : coros_pace_3_firmware coros_pace_3
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-32880

    An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffin... Read more

    Affected Products : coros_pace_3_firmware coros_pace_3
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-48705

    An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot.... Read more

    Affected Products : coros_pace_3_firmware coros_pace_3
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-48706

    An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability, sending a crafted BLE message forces the device to reboot.... Read more

    Affected Products : coros_pace_3_firmware coros_pace_3
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2024-40348

    An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.... Read more

    Affected Products : bazarr
    • Published: Jul. 20, 2024
    • Modified: Jul. 08, 2025

  • 4.3

    MEDIUM
    CVE-2025-3227

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members... Read more

    Affected Products : mattermost_server
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-3228

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-5475

    Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability t... Read more

    Affected Products : xav-ax8500_firmware xav-ax8500
    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5476

    Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerabili... Read more

    Affected Products : xav-ax8500_firmware xav-ax8500
    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-5477

    Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ... Read more

    Affected Products : xav-ax8500_firmware xav-ax8500
    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5478

    Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not require... Read more

    Affected Products : xav-ax8500_firmware xav-ax8500
    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-5479

    Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. An attacker must ... Read more

    Affected Products : xav-ax8500_firmware xav-ax8500
    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5820

    Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. T... Read more

    Affected Products : xav-ax8500_firmware xav-ax8500
    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-3221

    IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.... Read more

    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-3629

    IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.... Read more

    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4689

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vul... Read more

    Affected Products : ads_pro
    • Published: Jul. 02, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-6551

    A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site ... Read more

    Affected Products : hope-boot
    • Published: Jun. 24, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-39250

    EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.... Read more

    Affected Products : timetrax
    • Published: Jul. 22, 2024
    • Modified: Jul. 08, 2025

  • 6.1

    MEDIUM
    CVE-2025-50699

    PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in odms/admin/view-user-queries.php.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293611 Results