Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-52711

    Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a thro... Read more

    • Published: Jun. 20, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.4

    HIGH
    CVE-2024-8676

    A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod reques... Read more

    Affected Products : openshift_container_platform
    • Published: Nov. 26, 2024
    • Modified: Jul. 02, 2025

  • 4.6

    MEDIUM
    CVE-2024-41927

    Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, ... Read more

    • Published: Sep. 04, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2025-37092

    A command injection remote code execution vulnerability exists in HPE StoreOnce Software.... Read more

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-37093

    An authentication bypass vulnerability exists in HPE StoreOnce Software.... Read more

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-37094

    A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.... Read more

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-5447

    A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ss... Read more

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-46611

    Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script.... Read more

    Affected Products : ema
    • Published: May. 12, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2023-47466

    TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.... Read more

    Affected Products : taglib
    • Published: May. 22, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5108

    A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unr... Read more

    Affected Products : shopxo
    • Published: May. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-32794

    OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to injec... Read more

    Affected Products : openemr
    • Published: May. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32967

    OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrato... Read more

    Affected Products : openemr
    • Published: May. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-43860

    OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privile... Read more

    Affected Products : openemr
    • Published: May. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2024-53427

    decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter... Read more

    Affected Products : jq
    • Published: Feb. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-25361

    An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file.... Read more

    Affected Products : publiccms
    • Published: Mar. 06, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2021-36875

    Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS.This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5.... Read more

    Affected Products : ulisting
    • Published: Sep. 27, 2021
    • Modified: Jul. 01, 2025

  • 4.6

    MEDIUM
    CVE-2025-30138

    An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to... Read more

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-30139

    An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network witho... Read more

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-30141

    An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to... Read more

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-30142

    An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC addre... Read more

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication
Showing 20 of 293940 Results