Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-20271

    A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an a... Read more

    Affected Products :
    • Published: Jun. 18, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-23169

    The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to ... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-23170

    The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user ... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-23173

    The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces sign... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-24288

    The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-24291

    The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an att... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-50183

    OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in <script> tags may be in... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-52467

    pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In partic... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2025-6201

    The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's conversion-pixel in all versions up to, and including, 1.49.0 due to insuff... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-5524

    The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4738

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection.This issue affects MY ERP: before 1.170.... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-49014

    jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication.... Read more

    Affected Products : jq
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-49972

    Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy allows Cross Site Request Forgery. This issue affects TM Replace Howdy: from n/a through 1.4.2.... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-49976

    Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7.... Read more

    Affected Products : wanotifier
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-50044

    Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager allows Cross Site Request Forgery. This issue affects Real Estate Manager: from n/a through 7.3.... Read more

    Affected Products : real_estate_manager
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-50049

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prismtechstudios Modern Footnotes allows Stored XSS. This issue affects Modern Footnotes: from n/a through 1.4.19.... Read more

    Affected Products : modern_footnotes
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025

  • 7.5

    HIGH
    CVE-2025-52708

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY allows PHP Local File Inclusion. This issue affects HUSKY: from n/a through 1.3.7.... Read more

    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-52791

    Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base &#8211; Knowledge Base Maker allows Stored XSS. This issue affects Knowledge Base &#8211; Knowledge Base Maker: from n/a through 1.1.8.... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-52793

    Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu Esselink.nu Settings allows Reflected XSS. This issue affects Esselink.nu Settings: from n/a through 2.94.... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025

  • 4.3

    MEDIUM
    CVE-2025-49975

    Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.0.... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293675 Results