Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2025-32967

    OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrato...

    Affected Products : openemr
    • Published: May. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure
  • 7.6

    HIGH
    CVE-2025-43860

    OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privile...

    Affected Products : openemr
    • Published: May. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.1

    HIGH
    CVE-2024-53427

    decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter...

    Affected Products : jq
    • Published: Feb. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-25361

    An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file....

    Affected Products : publiccms
    • Published: Mar. 06, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication
  • 5.9

    MEDIUM
    CVE-2021-36875

    Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS. This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5....

    Affected Products : ulisting
    • Published: Sep. 27, 2021
    • Modified: Jul. 01, 2025
  • 4.6

    MEDIUM
    CVE-2025-30138

    An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to...

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-30139

    An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network witho...

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-30141

    An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to...

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure
  • 8.1

    HIGH
    CVE-2025-30142

    An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC addre...

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-30140

    An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, ...

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration
  • 2.6

    LOW
    CVE-2025-25183

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Pr...

    Affected Products : vllm
    • Published: Feb. 07, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration
  • 9.0

    CRITICAL
    CVE-2025-29783

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on di...

    Affected Products : vllm
    • Published: Mar. 19, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-48944

    vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and...

    Affected Products : vllm
    • Published: May. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Denial of Service
  • 6.1

    MEDIUM
    CVE-2025-27412

    REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3....

    Affected Products : redaxo
    • Published: Mar. 05, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-27411

    REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3....

    Affected Products : redaxo
    • Published: Mar. 05, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2024-44849

    Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php....

    Affected Products : qualitor
    • Published: Sep. 09, 2024
    • Modified: Jul. 01, 2025
  • 9.8

    CRITICAL
    CVE-2024-48359

    Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter....

    Affected Products : qualitor
    • Published: Oct. 31, 2024
    • Modified: Jul. 01, 2025
  • 7.5

    HIGH
    CVE-2024-48360

    Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php....

    Affected Products : qualitor
    • Published: Oct. 31, 2024
    • Modified: Jul. 01, 2025
  • 8.1

    HIGH
    CVE-2024-45106

    Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to tr...

    Affected Products : ozone
    • Published: Dec. 03, 2024
    • Modified: Jul. 01, 2025
  • 2.6

    LOW
    CVE-2024-45719

    Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users a...

    Affected Products : answer
    • Published: Nov. 22, 2024
    • Modified: Jul. 01, 2025
Showing 20 of 294068 Results