Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2025-45770

    jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and othe... Read more

    Affected Products : jwt
    • Published: Jul. 31, 2025
    • Modified: Aug. 17, 2025

  • 7.3

    HIGH
    CVE-2025-45769

    php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and... Read more

    Affected Products : firebase_php-jwt
    • Published: Jul. 31, 2025
    • Modified: Aug. 17, 2025

  • 6.0

    MEDIUM
    CVE-2025-37112

    A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025

  • 6.0

    MEDIUM
    CVE-2025-37111

    A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025

  • 6.0

    MEDIUM
    CVE-2025-37110

    A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025

  • 3.5

    LOW
    CVE-2025-37109

    Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025

  • 3.5

    LOW
    CVE-2025-37108

    Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025

  • 7.3

    HIGH
    CVE-2025-26064

    A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device.... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-26063

    An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network.... Read more

    • Published: Jul. 31, 2025
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-26062

    An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025

  • 9.4

    CRITICAL
    CVE-2025-8426

    Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affecte... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025

  • 6.9

    MEDIUM
    CVE-2025-54834

    OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025

  • 6.9

    MEDIUM
    CVE-2025-54833

    OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025

  • 5.3

    MEDIUM
    CVE-2025-54832

    OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025

  • 7.6

    HIGH
    CVE-2025-51503

    A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.... Read more

    Affected Products : microweber cockpit
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025

  • 3.5

    LOW
    CVE-2025-51385

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025

  • 3.5

    LOW
    CVE-2025-51384

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025

  • 3.5

    LOW
    CVE-2025-51383

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025

  • 6.1

    MEDIUM
    CVE-2025-50866

    CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context ... Read more

    Affected Products : cloudclassroom
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025

  • 6.5

    MEDIUM
    CVE-2024-34327

    Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form.... Read more

    Affected Products : anyware
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
Showing 20 of 290943 Results