Latest CVE Feed
- 8.6 HIGH CVE-2025-54385
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 17.0.0-rc1 to 17.2.2 and versions 16.10.5 and below, it's possible to execute any SQL query in Oracle by using the function like D...
  - Affected Products: xwiki
  - Published: Jul. 26, 2025
  - Modified: Jul. 29, 2025
- 6.5 MEDIUM CVE-2025-54380
  Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials (ie: org.opencastproject.security.digest.user an...
  - Affected Products: opencast
  - Published: Jul. 26, 2025
  - Modified: Jul. 29, 2025
- 8.3 HIGH CVE-2025-54378
  HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and versions 11.0.8 and below of haxcms-php, API endpoints do not perform authorization checks when interacting with a resourc...
  - Published: Jul. 26, 2025
  - Modified: Aug. 21, 2025
- 8.6 HIGH CVE-2025-54366
  FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users ...
  - Affected Products: freescout
  - Published: Jul. 26, 2025
  - Modified: Jul. 29, 2025
- 7.0 HIGH CVE-2025-50185
  DbGate is a cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the syste...
  - Affected Products:
  - Published: Jul. 26, 2025
  - Modified: Jul. 29, 2025
- 7.1 HIGH CVE-2025-50184
  DbGate is a cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that list...
  - Affected Products:
  - Published: Jul. 26, 2025
  - Modified: Jul. 29, 2025
- 7.5 HIGH CVE-2024-13507
  The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via the dist parameter in all versions up to, and including, 2.8.97 due to insufficient escaping on the user s...
  - Affected Products:
  - Published: Jul. 26, 2025
  - Modified: Jul. 29, 2025
- 7.1 HIGH CVE-2025-8175
  A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference....
  - Affected Products:
  - Published: Jul. 26, 2025
  - Modified: Jul. 29, 2025
- 6.5 MEDIUM CVE-2025-8174
  A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. The a...
  - Affected Products: voting_system
  - Published: Jul. 26, 2025
  - Modified: Aug. 05, 2025
- 9.8 CRITICAL CVE-2025-8173
  A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php. The manipulation of the argument reciver_name leads to s...
  - Affected Products: abc_courier_management_system
  - Published: Jul. 25, 2025
  - Modified: Aug. 07, 2025
- 8.8 HIGH CVE-2025-8172
  A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to ...
  - Affected Products: employee_management_system
  - Published: Jul. 25, 2025
  - Modified: Aug. 07, 2025
- 6.5 MEDIUM CVE-2025-8171
  A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation of the argument uploaded_file leads to unrestricted upl...
  - Affected Products: document_management_system
  - Published: Jul. 25, 2025
  - Modified: Aug. 05, 2025
- 8.8 HIGH CVE-2025-8101
  Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables. This issue affects Linkify: from 4.3.1 before 4....
  - Affected Products: linkify
  - Published: Jul. 25, 2025
  - Modified: Jul. 29, 2025
- 9.0 HIGH CVE-2025-8170
  A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp l...
  - Published: Jul. 25, 2025
  - Modified: Aug. 07, 2025
- 9.8 CRITICAL CVE-2025-8169
  A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler. The manipulation of the argument curTime lead...
  - Published: Jul. 25, 2025
  - Modified: Jul. 31, 2025
- 9.8 CRITICAL CVE-2025-8168
  A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the function websAspInit of the file /goform/formSetWanPPPoE. The manipulation of the argument curTime leads to buffer overflow. The attack may be l...
  - Published: Jul. 25, 2025
  - Modified: Jul. 31, 2025
- 5.4 MEDIUM CVE-2025-8167
  A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php. The manipulation of the argument fname leads to cro...
  - Affected Products: church_donation_system
  - Published: Jul. 25, 2025
  - Modified: Aug. 05, 2025
- 8.8 HIGH CVE-2025-46198
  Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element...
  - Affected Products: grav
  - Published: Jul. 25, 2025
  - Modified: Aug. 20, 2025
- 9.4 CRITICAL CVE-2025-30135
  An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authentication controls on its HTTP and RTSP interfaces, allowing attackers to retrieve sensitive files and video recordings....
  - Affected Products:
  - Published: Jul. 25, 2025
  - Modified: Jul. 29, 2025
- 9.8 CRITICAL CVE-2025-8166
  A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component HTTP POST Request Handler. The manipulation of the argument Username l...
  - Affected Products: church_donation_system
  - Published: Jul. 25, 2025
  - Modified: Aug. 05, 2025