Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 6.7

    MEDIUM
    CVE-2025-20698

    In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID...

    Affected Products : android mt6781 mt6789 mt6833 mt6835 mt6853 mt6855 mt6877 mt6878 mt6879 +30 more products
    • Published: Aug. 04, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
  • 6.7

    MEDIUM
    CVE-2025-20697

    In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID...

    Affected Products : android mt6853 mt6855 mt6877 mt6878 mt6879 mt6883 mt6885 mt6889 mt6893 +19 more products
    • Published: Aug. 04, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
  • 6.8

    MEDIUM
    CVE-2025-20696

    In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed fo...

    Affected Products : android openwrt yocto rdk-b zephyr mt6781 mt6789 mt6813 mt6833 mt6835 +27 more products
    • Published: Aug. 04, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
  • 3.2

    LOW
    CVE-2025-54956

    The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request....

    Affected Products :
    • Published: Aug. 03, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure
  • 5.3

    MEDIUM
    CVE-2025-8513

    A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.caixin.news. The manipulation leads to improper export of android app...

    Affected Products :
    • Published: Aug. 03, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2025-8512

    A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component hk.com.tvb.bigbigshop. The manipulation leads to imp...

    Affected Products :
    • Published: Aug. 03, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration
  • 5.1

    MEDIUM
    CVE-2025-8511

    A vulnerability classified as problematic was found in Portabilis i-Diario 1.5.0. This vulnerability affects unknown code of the file /diario-de-observacoes/ of the component Observações. The manipulation of the argument Descrição leads to cross site scri...

    Affected Products :
    • Published: Aug. 03, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-8510

    A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. It i...

    Affected Products : i-educar
    • Published: Aug. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-8509

    A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_cad.php. The manipulation of the argument matricula leads to cross site scri...

    Affected Products : i-educar
    • Published: Aug. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-8508

    A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_avaliacao_desempenho_cad.php. The manipulation of the argument titulo_avalia...

    Affected Products : i-educar
    • Published: Aug. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-51775

    Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from ...

    Affected Products : zeppelin
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2025-8507

    A vulnerability was found in Portabilis i-Educar 2.9. It has been classified as problematic. Affected is an unknown function of the file /intranet/educar_funcao_lst.php. The manipulation of the argument nm_funcao/abreviatura leads to cross site scripting....

    Affected Products : i-educar
    • Published: Aug. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-52279

    Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to versi...

    Affected Products : zeppelin
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration
  • 6.1

    MEDIUM
    CVE-2024-41177

    Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue....

    Affected Products : zeppelin
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.1

    MEDIUM
    CVE-2025-8506

    A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack ma...

    Affected Products :
    • Published: Aug. 03, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-8505

    A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated re...

    Affected Products :
    • Published: Aug. 03, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.8

    CRITICAL
    CVE-2025-8504

    A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to init...

    Affected Products : kitchen_treasure
    • Published: Aug. 03, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-8503

    A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1.0. Affected by this issue is some unknown functionality of the file /adaddmed.php. The manipulation of the argument mname leads to sql injection. Th...

    Affected Products : online_medicine_guide
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-8502

    A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation of the argument ups leads to sql injection. The attack ca...

    Affected Products : online_medicine_guide
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-8501

    A vulnerability classified as problematic has been found in code-projects Human Resource Integrated System 1.0. Affected is an unknown function of the file /insert-and-view/action.php. The manipulation of the argument content leads to cross site scripting...

    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting