Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.2

    LOW
    CVE-2025-0250

    HCL IEM is affected by an authorization token sent in cookie vulnerability.  A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 3.3

    LOW
    CVE-2025-0249

    HCL IEM is affected by an improper invalidation of access or JWT token vulnerability.  A token was not invalidated which may allow attackers to access sensitive data without authorization.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025

  • 8.9

    HIGH
    CVE-2025-54379

    LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project... Read more

    Affected Products : ekuiper
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 8.5

    HIGH
    CVE-2025-53940

    Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In versions 6.1.0-alpha.4 and below, Quiet's API for backend/frontend communication was using an insecure, not... Read more

    Affected Products :
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 6.4

    MEDIUM
    CVE-2025-3614

    The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escapin... Read more

    Affected Products : elementskit_elementor_addons
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025

  • 9.3

    CRITICAL
    CVE-2025-32429

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleted... Read more

    Affected Products : xwiki
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 7.3

    HIGH
    CVE-2025-22165

    This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbit... Read more

    Affected Products : sourcetree
    • Published: Jul. 24, 2025
    • Modified: Jul. 30, 2025

  • 6.5

    MEDIUM
    CVE-2025-8123

    A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the a... Read more

    Affected Products :
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 5.9

    MEDIUM
    CVE-2025-7404

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1... Read more

    Affected Products : calibre-web
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 9.8

    CRITICAL
    CVE-2025-6260

    The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the the... Read more

    Affected Products :
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 7.6

    HIGH
    CVE-2025-31955

    HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system.... Read more

    Affected Products :
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 7.1

    HIGH
    CVE-2025-31953

    HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.... Read more

    Affected Products :
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 7.1

    HIGH
    CVE-2025-31952

    HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.... Read more

    Affected Products :
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 8.7

    HIGH
    CVE-2025-6998

    ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. ... Read more

    Affected Products : calibre-web
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 5.4

    MEDIUM
    CVE-2025-8115

    A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument regi... Read more

    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025

  • 7.8

    HIGH
    CVE-2025-5039

    A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.... Read more

    • Published: Jul. 24, 2025
    • Modified: Aug. 19, 2025

  • 6.5

    MEDIUM
    CVE-2025-45702

    SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext.... Read more

    Affected Products :
    • Published: Jul. 24, 2025
    • Modified: Jul. 25, 2025

  • 9.0

    CRITICAL
    CVE-2025-53084

    A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to... Read more

    Affected Products : avideo
    • Published: Jul. 24, 2025
    • Modified: Jul. 29, 2025

  • 9.6

    CRITICAL
    CVE-2025-50128

    A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get... Read more

    Affected Products : avideo
    • Published: Jul. 24, 2025
    • Modified: Jul. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-48732

    An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.... Read more

    Affected Products : avideo
    • Published: Jul. 24, 2025
    • Modified: Jul. 29, 2025
Showing 20 of 291005 Results