Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2024-13976

    A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to ex... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.5

    HIGH
    CVE-2024-13975

    A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise ... Read more

    Affected Products : commvault
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 5.1

    MEDIUM
    CVE-2022-4979

    A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers wh... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.7

    HIGH
    CVE-2020-36850

    An information disclosure vulnerability exits in Sitecore JSS React Sample Application 11.0.0 - 14.0.1 that may cause page content intended for one user to be shown to another user.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.6

    HIGH
    CVE-2016-15046

    A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attack... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 30, 2025

  • 6.9

    MEDIUM
    CVE-2015-10142

    Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download fil... Read more

    Affected Products : managed_cloud
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.4

    HIGH
    CVE-2014-125119

    A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the... Read more

    Affected Products : winrar
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 9.4

    CRITICAL
    CVE-2014-125118

    A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid userna... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 9.3

    CRITICAL
    CVE-2014-125117

    A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unaut... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 9.3

    CRITICAL
    CVE-2014-125116

    A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the applicatio... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 10.0

    CRITICAL
    CVE-2014-125115

    An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials ... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.4

    HIGH
    CVE-2014-125114

    A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.7

    HIGH
    CVE-2013-10032

    An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .ph... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 9.0

    HIGH
    CVE-2025-8160

    A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is poss... Read more

    Affected Products : ac20_firmware ac20
    • Published: Jul. 25, 2025
    • Modified: Aug. 05, 2025

  • 9.0

    HIGH
    CVE-2025-8159

    A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime ... Read more

    Affected Products : dir-513_firmware
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 8.8

    HIGH
    CVE-2025-52360

    A Cross-Site Scripting (XSS) vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaSc... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 7.1

    HIGH
    CVE-2025-45467

    Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 6.5

    MEDIUM
    CVE-2025-44608

    CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.... Read more

    Affected Products : cloudclassroom-php_project
    • Published: Jul. 25, 2025
    • Modified: Aug. 07, 2025

  • 0.0

    NA
    CVE-2025-38436

    In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: signal scheduled fence when kill job When an entity from application B is killed, drm_sched_entity_kill() removes all jobs belonging to that entity through drm_sched_enti... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 0.0

    NA
    CVE-2025-38435

    In the Linux kernel, the following vulnerability has been resolved: riscv: vector: Fix context save/restore with xtheadvector Previously only v0-v7 were correctly saved/restored, and the context of v8-v31 are damanged. Correctly save/restore v8-v31 to a... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
Showing 20 of 291012 Results