Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NONE
    CVE-2025-52842

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Laundry on Linux, MacOS allows Account Takeover. This issue affects Laundry: 2.3.0.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 6.8

    CVSS31
    CVE-2025-52559

    Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-sit... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-43025

    HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.).... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34092

    A cookie encryption bypass vulnerability exists in Google Chrome’s AppBound mechanism due to weak path validation logic within the elevation service. When Chrome encrypts a cookie key, it records its own executable path as validation metadata. Later, when... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34091

    A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repe... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34090

    A security bypass vulnerability exists in Google Chrome AppBound cookie encryption mechanism due to insufficient validation of COM server paths during inter-process communication. A local low-privileged attacker can hijack the COM class identifier (CLSID)... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34079

    An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface (default port... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34078

    A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local u... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34076

    An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary file... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34075

    An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant (or C:\vagra... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-34074

    An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a re... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 8.8

    CVSS31
    CVE-2025-49713

    Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 9.8

    CVSS31
    CVE-2025-45813

    ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 0.0

    NONE
    CVE-2025-52841

    Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This issue affects Laundry: 2.3.0.... Read more

    Affected Products : laundry
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 9.8

    CVSS31
    CVE-2025-45814

    Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 5.3

    CVSS31
    CVE-2025-45424

    Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 10.0

    CVSS31
    CVE-2025-20309

    A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root accoun... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 4.8

    CVSS31
    CVE-2025-20307

    A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability i... Read more

    Affected Products : broadworks_commpilot_application
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 3.8

    CVSS31
    CVE-2025-6943

    Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.... Read more

    Affected Products : secret_server
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 3.8

    CVSS31
    CVE-2025-6942

    The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.... Read more

    Affected Products : secret_server
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
Showing 20 of 185 Results
© cvefeed.io
Latest DB Update: Jul. 02, 2025 22:14