Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-57430

    An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privile... Read more

    Affected Products : cinema_booking_system
    • Published: Feb. 06, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2020-3432

    A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of di... Read more

    • Published: Feb. 12, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2024-4023

    A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, lead... Read more

    Affected Products : flatpress
    • Published: Mar. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-8789

    Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can ... Read more

    Affected Products : lunary
    • Published: Mar. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2021-47296

    In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak vcpu_put is not called if the user copy fails. This can result in preempt notifier corruption and crashes, among other issues.... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Jun. 23, 2025

  • 5.5

    MEDIUM
    CVE-2021-47294

    In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock refcount when sock timers expire Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to use sock timer API. It replaces mod_timer() by sk_reset_timer... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Jun. 23, 2025

  • 5.3

    MEDIUM
    CVE-2025-6268

    A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads to cross site scripting. It is possible to launch the a... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-6267

    A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barc... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-6266

    A vulnerability was found in FLIR AX8 up to 1.46. It has been declared as critical. This vulnerability affects unknown code of the file /upload.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. ... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 9.5

    CRITICAL
    CVE-2025-52464

    Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initia... Read more

    Affected Products : meshtastic_firmware
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2025-50181

    urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users ... Read more

    Affected Products : urllib3
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.8

    MEDIUM
    CVE-2025-4661

    A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privileg... Read more

    Affected Products : fabric_operating_system
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-48886

    Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progressio... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-24287

    A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-23172

    The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP req... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.2

    HIGH
    CVE-2025-23171

    The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-45208

    The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versi... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2025-6240

    Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.... Read more

    Affected Products :
    • Published: Jun. 18, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-20271

    A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an a... Read more

    Affected Products :
    • Published: Jun. 18, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-23169

    The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to ... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293633 Results