Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2025-8205

    A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0.6998.179. Affected by this issue is some unknown functionality of the component IP DNS Leakage Detector. The manipulation leads to cleartext transmission of ... Read more

    Affected Products : dragon
    • Published: Jul. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-8204

    A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be l... Read more

    Affected Products : dragon
    • Published: Jul. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-8203

    A vulnerability classified as critical has been found in Jingmen Zeyou Large File Upload Control up to 6.3. Affected is an unknown function of the file /index.jsp. The manipulation of the argument ID leads to sql injection. It is possible to launch the at... Read more

    Affected Products :
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-8191

    A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site ... Read more

    Affected Products :
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-8190

    A vulnerability, which was classified as critical, has been found in Campcodes Courier Management System 1.0. This issue affects some unknown processing of the file /print_pdets.php. The manipulation of the argument ids leads to sql injection. The attack ... Read more

    Affected Products : courier_management_system
    • Published: Jul. 26, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8189

    A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remote... Read more

    Affected Products : courier_management_system
    • Published: Jul. 26, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8188

    A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /edit_staff.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack r... Read more

    Affected Products : courier_management_system
    • Published: Jul. 26, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8187

    A vulnerability was found in Campcodes Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit_parcel.php. The manipulation of the argument ID leads to sql injection. The attack ... Read more

    Affected Products : courier_management_system
    • Published: Jul. 26, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8186

    A vulnerability was found in Campcodes Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit_branch.php. The manipulation of the argument ID leads to sql injection. Th... Read more

    Affected Products : courier_management_system
    • Published: Jul. 26, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8185

    A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /getbyid.php. The manipulation of the argument ID leads to sql injection. It is possible to launc... Read more

    Affected Products : abc_courier_management_system
    • Published: Jul. 26, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8184

    A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of the component HTTP POST Request Handler. The manipulation leads to stac... Read more

    Affected Products : dir-513_firmware dir-513
    • Published: Jul. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption

  • 7.4

    HIGH
    CVE-2025-8182

    A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be in... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jul. 26, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-6991

    The kallyas theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.21.0 via the 'TH_LatestPosts4` widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include an... Read more

    Affected Products :
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-6989

    The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font() function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contri... Read more

    Affected Products :
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-5529

    The Educenter theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Circle Counter Block in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at... Read more

    Affected Products :
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-8181

    A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to in... Read more

    Affected Products : x2000r_firmware n600r_firmware
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2025-8180

    A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formdeleteUserName of the file /goform/deleteUserName. The manipulation of the argument old_account leads to buffer overflow. T... Read more

    Affected Products : ch22_firmware ch22
    • Published: Jul. 26, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-8097

    The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation of the qty parameter in the woodmart_update_cart_item function. This makes it possible for unau... Read more

    Affected Products : woodmart
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-7501

    The Wonder Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image title and description DOM in all versions up to, and including, 14.4 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products : wonder_slider_lite
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-6987

    The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2025.5 due to insufficient input sanitization and output escaping on user supplied att... Read more

    Affected Products : advanced_iframe
    • Published: Jul. 26, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291170 Results