Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-48379

    Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for avail... Read more

    Affected Products : pillow
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-41648

    An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-36593

    Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid prot... Read more

    Affected Products :
    • Published: Jun. 30, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-36630

    In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.... Read more

    Affected Products : nessus
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-34065

    An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-34081

    The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS HMI System (CHS): before 3.7.7.... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    CRITICAL
    CVE-2025-34064

    A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receivin... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-34058

    Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulner... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-34050

    A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthor... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2025-6952

    A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It... Read more

    Affected Products : open5gs
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025

  • 3.7

    LOW
    CVE-2025-4654

    The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticat... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-52101

    linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted "password" and "salt". The password can then be obtained through brute-forc... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-45006

    Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical memory access attacks.... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-53104

    gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussio... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-46259

    Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7.... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-53107

    @cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an at... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-53103

    JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGen... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-45083

    Incorrect access control in Ullu (Android version v2.9.929 and IOS version v2.8.0) allows attackers to bypass parental pin feature via unspecified vectors.... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-45081

    Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data.... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-34080

    The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross-Site Scripting (XSS) in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction.This issue affects CONPROSYS HMI System (CHS): be... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293641 Results