Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-54423

    copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including ... Read more

    Affected Products : copyparty
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-54419

    A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an at... Read more

    Affected Products : node_saml
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-50486

    Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : e-diary_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-50485

    Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : online_course_registration
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-29534

    An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue stems from insufficient sanitization of user-suppl... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2025-8283

    A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a contain... Read more

    • Published: Jul. 28, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-8194

    There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the p... Read more

    Affected Products : python
    • Published: Jul. 28, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-50487

    Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack.... Read more

    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025

  • 7.1

    HIGH
    CVE-2025-50484

    Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : small_crm
    • Published: Jul. 28, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2025-54299

    A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-54298

    A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-50492

    Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : e-diary_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-50491

    Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : bank_locker_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-50489

    Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : student_result_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-50488

    Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : online_library_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-43023

    A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2025-7676

    DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to lo... Read more

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-54538

    In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-54537

    In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-54536

    In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291389 Results