Latest CVE Feed
- CVE-2025-6521 (7.6 HIGH)
During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the...
- Affected Products:
- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Cryptography
- CVE-2025-6768 (6.5 MEDIUM)
A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalServiceImpl.java. The manipulation of the argument hospitalName...
- Affected Products: hosp_order
- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Injection
- CVE-2025-6839 (6.5 MEDIUM)
A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The...
- Affected Products:
- Published: Jun. 29, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Authentication
- CVE-2023-28912 (5.7 MEDIUM)
The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally disco...
- Affected Products:
- Published: Jun. 28, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Information Disclosure
- CVE-2023-28910 (8.0 HIGH)
A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car w...
- Affected Products:
- Published: Jun. 28, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Misconfiguration
- CVE-2025-38086 (0.0 NA)
In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a l...
- Affected Products: linux_kernel
- Published: Jun. 28, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Memory Corruption
- CVE-2025-6774 (6.5 MEDIUM)
A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical. Affected by this issue is the function AddTemp of the file api/template.go. The manipulation of the argument filename leads to path traversal. The attack may be la...
- Affected Products:
- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Path Traversal
- CVE-2025-6773 (5.3 MEDIUM)
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulatio...
- Affected Products:
- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Path Traversal
- CVE-2025-6522 (5.4 MEDIUM)
Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb...
- Affected Products:
- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Authentication
- CVE-2023-29113 (6.3 MEDIUM)
The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control ...
- Affected Products:
- Published: Jun. 28, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Authorization
- CVE-2024-22059 (8.8 HIGH)
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS....
- Affected Products: neurons_for_itsm
- Published: May. 31, 2024
- Modified: Jun. 30, 2025
- CVE-2024-22060 (8.7 HIGH)
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server....
- Affected Products: neurons_for_itsm
- Published: May. 31, 2024
- Modified: Jun. 30, 2025
- CVE-2024-4750 (5.3 MEDIUM)
The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request...
- Published: Jun. 04, 2024
- Modified: Jun. 30, 2025
- CVE-2023-34001 (5.3 MEDIUM)
Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass. This issue affects Hide My WP Ghost: from n/a through 5.0.25....
- Affected Products: hide_my_wp_ghost
- Published: Jun. 04, 2024
- Modified: Jun. 30, 2025
- CVE-2024-27264 (7.8 HIGH)
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563....
- Published: May. 22, 2024
- Modified: Jun. 30, 2025
- CVE-2024-31634 (6.1 MEDIUM)
Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library....
- Affected Products: xunruicms
- Published: Apr. 16, 2024
- Modified: Jun. 30, 2025
- CVE-2024-4456 (5.4 MEDIUM)
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page....
- Published: May. 08, 2024
- Modified: Jun. 30, 2025
- CVE-2024-2697 (6.5 MEDIUM)
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scrip...
- Affected Products: swift_framework
- Published: May. 17, 2024
- Modified: Jun. 30, 2025
- CVE-2024-29212 (9.9 CRITICAL)
Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC...
- Affected Products: veeam_service_provider_console
- Published: May. 14, 2024
- Modified: Jun. 30, 2025
- CVE-2024-34338 (7.2 HIGH)
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authenticati...
- Published: May. 14, 2024
- Modified: Jun. 30, 2025