Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-54447

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-54446

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-54445

    Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-54444

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-54443

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-54442

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2025-54441

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-54440

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2025-54439

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-54438

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 30, 2025

  • 7.7

    HIGH
    CVE-2025-8021

    All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the intended directory.... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 8.8

    HIGH
    CVE-2025-8020

    All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the... Read more

    Affected Products : private-ip
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 5.3

    MEDIUM
    CVE-2025-43881

    Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affecte... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 5.9

    MEDIUM
    CVE-2024-53288

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject ... Read more

    Affected Products : router_manager router_manager
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025

  • 5.9

    MEDIUM
    CVE-2024-53287

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject... Read more

    Affected Products : router_manager router_manager
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025

  • 7.2

    HIGH
    CVE-2024-53286

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to ... Read more

    Affected Products : router_manager router_manager
    • Published: Jul. 23, 2025
    • Modified: Jul. 29, 2025

  • 5.5

    MEDIUM
    CVE-2025-42947

    SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact o... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 8.8

    HIGH
    CVE-2025-7722

    The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 6.4

    MEDIUM
    CVE-2025-6261

    The Fleetwire Fleet Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fleetwire_list shortcode in all versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping on user supp... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 5.3

    MEDIUM
    CVE-2025-6215

    The Omnishop plugin for WordPress is vulnerable to Unauthenticated Registration Bypass in all versions up to, and including, 1.0.9. Its /users/register endpoint is exposed to the public (permission_callback always returns true) and invokes wp_create_user(... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
Showing 20 of 291022 Results