Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-8576

    Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)... Read more

    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025

  • 8.7

    HIGH
    CVE-2025-29865

    : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path Traversal.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035.... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025

  • 6.9

    MEDIUM
    CVE-2025-54885

    Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intende... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025

  • 7.1

    HIGH
    CVE-2025-54882

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential ... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025

  • 2.3

    LOW
    CVE-2025-54799

    Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don't enforce HTTPS when talking to CAs as an ACME client. Unlike th... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025

  • 2.5

    LOW
    CVE-2025-54798

    tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025

  • 8.6

    HIGH
    CVE-2025-54784

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared... Read more

    Affected Products : suitecrm
    • Published: Aug. 07, 2025
    • Modified: Aug. 12, 2025

  • 6.1

    MEDIUM
    CVE-2025-54783

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code... Read more

    Affected Products : suitecrm
    • Published: Aug. 07, 2025
    • Modified: Aug. 12, 2025

  • 7.0

    HIGH
    CVE-2025-3770

    EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.... Read more

    Affected Products : edk2
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025

  • 8.8

    HIGH
    CVE-2025-54788

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can ... Read more

    Affected Products : suitecrm
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025

  • 5.3

    MEDIUM
    CVE-2025-54786

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated ... Read more

    Affected Products : suitecrm
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025

  • 8.8

    HIGH
    CVE-2025-54785

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to pe... Read more

    Affected Products : suitecrm
    • Published: Aug. 07, 2025
    • Modified: Aug. 13, 2025

  • 8.7

    HIGH
    CVE-2025-7770

    Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025

  • 8.7

    HIGH
    CVE-2025-7769

    Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, thi... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025

  • 9.3

    CRITICAL
    CVE-2025-7768

    Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially mod... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025

  • 7.8

    HIGH
    CVE-2025-6634

    A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more

    Affected Products : 3ds_max
    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025

  • 8.8

    HIGH
    CVE-2025-6633

    A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of th... Read more

    Affected Products : 3ds_max
    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025

  • 7.8

    HIGH
    CVE-2025-6632

    A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context... Read more

    Affected Products : 3ds_max
    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025

  • 6.5

    MEDIUM
    CVE-2025-51058

    Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL ... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025

  • 6.5

    MEDIUM
    CVE-2025-51057

    A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
Showing 20 of 290943 Results