Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2025-7676

    DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to lo...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 5.5

    MEDIUM
    CVE-2025-54538

    In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 5.5

    MEDIUM
    CVE-2025-54537

    In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 8.8

    HIGH
    CVE-2025-54536

    In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
  • 7.5

    HIGH
    CVE-2025-54535

    In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 4.8

    MEDIUM
    CVE-2025-54534

    In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 4.3

    MEDIUM
    CVE-2025-54533

    In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 4.3

    MEDIUM
    CVE-2025-54532

    In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 9.4

    CRITICAL
    CVE-2025-54531

    In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
  • 9.8

    CRITICAL
    CVE-2025-54530

    In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
  • 7.5

    HIGH
    CVE-2025-54529

    In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
  • 8.8

    HIGH
    CVE-2025-54528

    In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow...

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
  • 6.1

    MEDIUM
    CVE-2025-54527

    In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions...

    Affected Products : youtrack
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 7.5

    HIGH
    CVE-2025-50494

    Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack....

    Affected Products : car_washing_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 7.5

    HIGH
    CVE-2025-50493

    Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack....

    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 7.5

    HIGH
    CVE-2025-50490

    Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack....

    Affected Products : student_result_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
  • 7.1

    HIGH
    CVE-2025-6250

    Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any pr...

    Affected Products : privilege_management_for_windows
    • Published: Jul. 28, 2025
    • Modified: Aug. 04, 2025
  • 7.8

    HIGH
    CVE-2025-2297

    Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile...

    Affected Products : privilege_management_for_windows
    • Published: Jul. 28, 2025
    • Modified: Aug. 04, 2025
  • 5.4

    MEDIUM
    CVE-2024-49343

    IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site....

    Affected Products : informix_dynamic_server
    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
  • 7.5

    HIGH
    CVE-2024-49342

    IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials....

    Affected Products : informix_dynamic_server
    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
Showing 20 of 290974 Results