Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-34147

    An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in Extender mode via its captive portal, the extap2g SSID field is inserted unescaped into a reboot-... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-45183

    An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2013-10054

    An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2013-10052

    ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This ... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-8518

    A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-51535

    Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-51534

    A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-50422

    Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.... Read more

    Affected Products : cairo
    • Published: Aug. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-50420

    An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 9.0

    CRITICAL
    CVE-2025-44963

    RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 5.0

    MEDIUM
    CVE-2025-44962

    RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.... Read more

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2025-44961

    In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.... Read more

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-44960

    RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.... Read more

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-44958

    RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-44957

    Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.... Read more

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-44954

    RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.... Read more

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-8517

    A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-8516

    A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. It has been classified as problematic. Affected is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\BBCMallSite\WEB-INF\lib\Kingde... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-5988

    A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-44955

    RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access vis a weak, hardcoded password.... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication
Showing 20 of 292001 Results