Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-50777

    The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data includ... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-50464

    A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size ... Read more

    Affected Products : nas_firmware nas
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-36609

    Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.... Read more

    Affected Products : smartfabric_os10
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-36608

    Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized... Read more

    Affected Products : smartfabric_os10
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: XML External Entity

  • 5.5

    MEDIUM
    CVE-2025-30103

    Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access... Read more

    Affected Products : smartfabric_os10
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-8328

    A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument USN leads to sql injection. The a... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 30, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8327

    A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to sql injection. The attack... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 30, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-30480

    Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.... Read more

    Affected Products : powerprotect_data_manager
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-30105

    Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be... Read more

    Affected Products : xtremio_management_server
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-26332

    TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information ex... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-45620

    An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request... Read more

    Affected Products : ptc310uv2_firmware ptc310uv2
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-45619

    An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function... Read more

    Affected Products : ptc310uv2_firmware ptc310uv2
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-36611

    Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privil... Read more

    Affected Products : encryption
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-25692

    A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products : prestashop
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-25691

    A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products : prestashop
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2024-45955

    Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter.... Read more

    Affected Products : zena
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2025-8353

    UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard c... Read more

    Affected Products : devolutions_server
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-8312

    Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following version(s) : * D... Read more

    Affected Products : devolutions_server
    • Published: Jul. 30, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-54656

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs witho... Read more

    Affected Products : struts_extras
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-50578

    LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and ... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291531 Results