Latest CVE Feed

  1. Home
  2. CVE
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-54596

    Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.1

    MEDIUM
    CVE-2025-45960

    Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.1

    MEDIUM
    CVE-2025-45893

    OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a m... Read more

    Affected Products : opencart
    • Published: Jul. 25, 2025
    • Modified: Aug. 07, 2025

  • 6.1

    MEDIUM
    CVE-2025-45892

    OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inje... Read more

    Affected Products : opencart
    • Published: Jul. 25, 2025
    • Modified: Aug. 07, 2025

  • 6.1

    MEDIUM
    CVE-2025-45406

    A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter. NOTE: this is disputed by the Supplier because attackers ca... Read more

    Affected Products : codeigniter
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.3

    MEDIUM
    CVE-2025-36728

    Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.3

    HIGH
    CVE-2025-36727

    Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-29631

    An issue in Gardyn 4 allows a remote attacker execute arbitrary code... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.1

    HIGH
    CVE-2025-29630

    An issue in Gardyn 4 allows a remote attacker with the corresponding ssh private key can gain remote root access to affected devices... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.8

    HIGH
    CVE-2025-29629

    An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.1

    HIGH
    CVE-2025-29628

    An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via a request... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 7.2

    HIGH
    CVE-2023-53155

    goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.... Read more

    Affected Products : goahead
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.8

    HIGH
    CVE-2025-45466

    Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.0

    MEDIUM
    CVE-2025-3873

    The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output buffer of the caller which could lead to data corruption on the host (Cortex-M4) application. sl_si91x_aes sl_si91x_gcm sl_si91x_ccm sl_si91x_sh... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.0

    MEDIUM
    CVE-2025-3508

    Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38467

    In the Linux kernel, the following vulnerability has been resolved: drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling If there's support for another console device (such as a TTY serial), the kernel occasionally panics during boot. The pan... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38466

    In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_SYS_ADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a va... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38465

    In the Linux kernel, the following vulnerability has been resolved: netlink: Fix wraparounds of sk->sk_rmem_alloc. Netlink has this pattern in some places if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) atomic_add(skb->truesize, &sk->sk_rmem_... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38464

    In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 0.0

    NA
    CVE-2025-38463

    In the Linux kernel, the following vulnerability has been resolved: tcp: Correct signedness in skb remaining space calculation Syzkaller reported a bug [1] where sk->sk_forward_alloc can overflow. When we send data, if an skb exists at the tail of the ... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
Showing 20 of 290983 Results