Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-31229

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.... Read more

    Affected Products : iphone_os ipados
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2025-24224

    The issue was addressed with improved checks. This issue is fixed in tvOS 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.9, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5, macOS Ventura 13.7.7. A remote attacker may be able to cause unexpected system termina... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025

  • 6.5

    MEDIUM
    CVE-2025-24188

    A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.... Read more

    Affected Products : macos safari
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025

  • 7.8

    HIGH
    CVE-2025-24119

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025

  • 9.9

    CRITICAL
    CVE-2025-54381

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to for... Read more

    Affected Products : bentoml
    • Published: Jul. 29, 2025
    • Modified: Aug. 05, 2025

  • 8.5

    HIGH
    CVE-2025-7849

    A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This v... Read more

    Affected Products : labview
    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025

  • 8.5

    HIGH
    CVE-2025-7848

    A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerabil... Read more

    Affected Products : labview
    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025

  • 8.5

    HIGH
    CVE-2025-7361

    A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vul... Read more

    Affected Products : windows labview
    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025

  • 6.9

    MEDIUM
    CVE-2025-54126

    The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address th... Read more

    Affected Products : webassembly_micro_runtime
    • Published: Jul. 29, 2025
    • Modified: Jul. 31, 2025

  • 8.6

    HIGH
    CVE-2025-4674

    The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contai... Read more

    Affected Products : go
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025

  • 9.8

    CRITICAL
    CVE-2025-40600

    Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 11, 2025

  • 6.4

    MEDIUM
    CVE-2025-5684

    The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `mf-template` DOM Element in all versions up to, and including, 4.0.1 due to insufficient input sanitiz... Read more

    • Published: Jul. 29, 2025
    • Modified: Jul. 31, 2025

  • 4.3

    MEDIUM
    CVE-2025-53902

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially acce... Read more

    Affected Products : tuleap
    • Published: Jul. 29, 2025
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2025-53541

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some ... Read more

    Affected Products : tuleap
    • Published: Jul. 29, 2025
    • Modified: Aug. 05, 2025

  • 8.2

    HIGH
    CVE-2025-53102

    Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which ... Read more

    Affected Products : discourse
    • Published: Jul. 29, 2025
    • Modified: Jul. 31, 2025

  • 5.3

    MEDIUM
    CVE-2025-52899

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form a... Read more

    Affected Products : tuleap
    • Published: Jul. 29, 2025
    • Modified: Aug. 22, 2025

  • 7.3

    HIGH
    CVE-2025-52490

    An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.... Read more

    Affected Products : sync_gateway
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025

  • 8.1

    HIGH
    CVE-2025-45346

    SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.... Read more

    Affected Products : bacula-web
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025

  • 6.4

    MEDIUM
    CVE-2024-43018

    Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some... Read more

    Affected Products : piwigo
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025

  • 6.5

    MEDIUM
    CVE-2025-51045

    Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user input for the username parameter.... Read more

    Affected Products : pre-school_enrollment_system
    • Published: Jul. 29, 2025
    • Modified: Aug. 07, 2025
Showing 20 of 290955 Results