Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-50454

    An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-8585

    A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is... Read more

    Affected Products : libav
    • Published: Aug. 05, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-8584

    A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Lo... Read more

    Affected Products : libav
    • Published: Aug. 05, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-7674

    Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server's performance. This vulnerability has no impact ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2025-54254

    Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensi... Read more

    • Published: Aug. 05, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: XML External Entity

  • 10.0

    CRITICAL
    CVE-2025-54253

    Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation... Read more

    • Published: Aug. 05, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-43980

    An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account.... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 7.4

    HIGH
    CVE-2025-43978

    Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated atta... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46658

    An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2025-43979

    An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xml_action.cgi?method= endpoint.... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2025-54874

    OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.... Read more

    Affected Products : openjpeg
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-50707

    An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component... Read more

    Affected Products : thinkphp
    • Published: Aug. 05, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-50706

    An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function... Read more

    Affected Products : thinkphp
    • Published: Aug. 05, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-47152

    An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially le... Read more

    Affected Products : pdf-xchange_editor
    • Published: Aug. 05, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-46958

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.9

    LOW
    CVE-2025-44964

    A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.... Read more

    Affected Products : bluestacks
    • Published: Aug. 05, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cryptography

  • 9.3

    CRITICAL
    CVE-2025-2611

    The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-29745

    A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file.... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-27931

    An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the... Read more

    Affected Products : pdf-xchange_editor
    • Published: Aug. 05, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2025-7033

    A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threa... Read more

    Affected Products : arena
    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292387 Results