Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-47029

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-5905

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Passw... Read more

    Affected Products : t10_firmware t10
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-40916

    Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.... Read more

    Affected Products :
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cryptography

  • 7.7

    HIGH
    CVE-2025-31053

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal.This issue affects KBx Pro Ultimate: from n/a before 8.0.5.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Path Traversal

  • 1.7

    LOW
    CVE-2025-43863

    vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password ... Read more

    Affected Products : vantage6
    • Published: Jun. 12, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-29902

    Remote code execution that allows unauthorized users to execute arbitrary code on the server machine.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025

  • 6.5

    MEDIUM
    CVE-2025-6070

    The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read t... Read more

    Affected Products :
    • Published: Jun. 14, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-36539

    AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service.... Read more

    Affected Products : pi_server
    • Published: Jun. 12, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-4417

    A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary JavaScript code that... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-27689

    Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-5487

    The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the field_conditions parameter in all versions up to, and including, 5.2.3 due to in... Read more

    Affected Products :
    • Published: Jun. 14, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-6062

    The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or incorrect nonce validation on the 'yougler-plugin.php' page. This makes it possible fo... Read more

    Affected Products :
    • Published: Jun. 14, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-5926

    The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_menu_options() function. This makes it possible for unaut... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-6106

    A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated r... Read more

    Affected Products : wukongcrm
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 2.7

    LOW
    CVE-2024-38823

    Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    HIGH
    CVE-2025-6091

    A vulnerability was found in H3C GR-3000AX V100R007L50. It has been classified as critical. Affected is the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow... Read more

    Affected Products :
    • Published: Jun. 15, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-6109

    A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller... Read more

    Affected Products :
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-6096

    A vulnerability has been found in codesiddhant Jasmin Ransomware up to 1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Search leads to sql injection.... Read more

    Affected Products :
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-6108

    A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn... Read more

    Affected Products :
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Path Traversal

  • 10.0

    HIGH
    CVE-2025-6098

    A vulnerability was found in UTT 进取 750W up to 5.0. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible ... Read more

    Affected Products :
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293510 Results