Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-25224

    The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.... Read more

    Affected Products : wp_database_backup
    • Published: Jul. 25, 2025
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2015-10144

    The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-l... Read more

    Affected Products : thumbnail_carousel_slider
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 9.8

    CRITICAL
    CVE-2015-10143

    The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the *_ajax_save_options() function in all versions up to 1.4.4 (exclusive). This makes it possib... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 6.5

    MEDIUM
    CVE-2025-8125

    A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/role/authUser/allocatedList. The manipulation of the argument params[dataScope] leads to sql... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 4.1

    MEDIUM
    CVE-2025-54558

    OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 2.0

    LOW
    CVE-2025-0253

    HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 2.6

    LOW
    CVE-2025-0252

    HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 2.6

    LOW
    CVE-2025-0251

    HCL IEM is affected by a concurrent login vulnerability.  The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 6.5

    MEDIUM
    CVE-2025-8124

    A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/unallocatedList. The manipulation of the argument params[dataScope] l... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 8.3

    HIGH
    CVE-2025-7742

    An authentication vulnerability exists in the LG Innotek camera model LNV5110R firmware that allows a malicious actor to upload an HTTP POST request to the devices non-volatile storage. This action may result in remote code execution that allows an attack... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 2.2

    LOW
    CVE-2025-0250

    HCL IEM is affected by an authorization token sent in cookie vulnerability.  A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 3.3

    LOW
    CVE-2025-0249

    HCL IEM is affected by an improper invalidation of access or JWT token vulnerability.  A token was not invalidated which may allow attackers to access sensitive data without authorization.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 8.9

    HIGH
    CVE-2025-54379

    LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project... Read more

    Affected Products : ekuiper
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 8.5

    HIGH
    CVE-2025-53940

    Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In versions 6.1.0-alpha.4 and below, Quiet's API for backend/frontend communication was using an insecure, not... Read more

    Affected Products :
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 6.4

    MEDIUM
    CVE-2025-3614

    The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escapin... Read more

    Affected Products : elementskit_elementor_addons
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025

  • 9.3

    CRITICAL
    CVE-2025-32429

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleted... Read more

    Affected Products : xwiki
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 7.3

    HIGH
    CVE-2025-22165

    This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbit... Read more

    Affected Products : sourcetree
    • Published: Jul. 24, 2025
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-8123

    A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the a... Read more

    Affected Products :
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 5.9

    MEDIUM
    CVE-2025-7404

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1... Read more

    Affected Products : calibre-web
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 9.8

    CRITICAL
    CVE-2025-6260

    The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the the... Read more

    Affected Products :
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025
Showing 20 of 290995 Results