Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-21346

    Microsoft Office Security Feature Bypass Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-21345

    Microsoft Office Visio Remote Code Execution Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jul. 01, 2025

  • 7.8

    HIGH
    CVE-2025-21186

    Microsoft Access Remote Code Execution Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jul. 01, 2025

  • 7.8

    HIGH
    CVE-2025-21394

    Microsoft Excel Remote Code Execution Vulnerability... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 01, 2025

  • 7.8

    HIGH
    CVE-2025-47176

    '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-21392

    Microsoft Office Remote Code Execution Vulnerability... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21397

    Microsoft Office Remote Code Execution Vulnerability... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 01, 2025

  • 9.0

    HIGH
    CVE-2025-6886

    A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-b... Read more

    Affected Products : ac5_firmware ac5
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6887

    A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The... Read more

    Affected Products : ac5_firmware ac5
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-3745

    The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks.... Read more

    Affected Products : wp_lightbox_2
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-5730

    The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : contact_form contact_form
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-6897

    A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has b... Read more

    Affected Products : di-7300g\+_firmware di-7300g\+
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-27607

    Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the na... Read more

    Affected Products : python_json_logger
    • Published: Mar. 07, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Supply Chain

  • 9.8

    CRITICAL
    CVE-2025-6900

    A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-book.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initia... Read more

    Affected Products : library_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025

  • 9.8

    CRITICAL
    CVE-2025-6906

    A vulnerability classified as critical has been found in code-projects Car Rental System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotel... Read more

    Affected Products : car_rental_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6907

    A vulnerability classified as critical was found in code-projects Car Rental System 1.0. This vulnerability affects unknown code of the file /book_car.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely... Read more

    Affected Products : car_rental_system
    • Published: Jun. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-44141

    A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.... Read more

    Affected Products : backdrop
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-50350

    PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to Directory Traversal in manage-classes.php.... Read more

    Affected Products : pre-school_enrollment_system
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-51671

    A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-cate... Read more

    Affected Products : dairy_farm_shop_management_system
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-6699

    A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro de Funcionário. The manipulation of the argument Nome/So... Read more

    Affected Products : wegia
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293704 Results