Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-49343

    IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site....

    Affected Products : informix_dynamic_server
    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-49342

    IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials....

    Affected Products : informix_dynamic_server
    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-54418

    CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads w...

    Affected Products : codeigniter
    • Published: Jul. 28, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2025-53696

    iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected....

    Affected Products : istar_ultra_firmware
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-30125

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters....

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-8279

    Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...

    • Published: Jul. 28, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authorization
  • 9.4

    CRITICAL
    CVE-2025-53695

    OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware....

    Affected Products : istar_ultra_firmware
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2025-32731

    A reflected cross-site scripting (XSS) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provid...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-30133

    An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP server lacks this restriction. Once connected to the dashcam...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2025-30126

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording, delete recordings, or even disable battery protection to cause a flat battery to...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-30124

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch t...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Information Disclosure
  • 9.3

    CRITICAL
    CVE-2025-27724

    A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability....

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization
  • 9.3

    CRITICAL
    CVE-2025-26469

    An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An ...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration
  • 5.8

    MEDIUM
    CVE-2025-24485

    A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability....

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Server-Side Request Forgery
  • 5.3

    MEDIUM
    CVE-2025-8275

    A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.peru_cocktails. The manipulatio...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration
  • 4.5

    MEDIUM
    CVE-2025-54569

    In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation....

    Affected Products : binisoft_windows_firewall_control
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication
  • 3.7

    LOW
    CVE-2025-4056

    A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines....

    Affected Products : glib windows
    • Published: Jul. 28, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-8274

    A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=save_recruitment_status. The manipulation of the argument...

    • Published: Jul. 28, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-5997

    Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse. This issue affects PhishPro: before 7.5.4.2....

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization
  • 0.0

    NA
    CVE-2025-38497

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[...

    Affected Products : linux_kernel
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291196 Results