Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 8.7

    HIGH
    CVE-2025-7054

    Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/d...

    Affected Products : quiche
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service
  • 5.7

    MEDIUM
    CVE-2025-55136

    ERC (aka Emotion Recognition in Conversation) through 0.3 has insecure deserialization via a serialized object because jsonpickle is used....

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
  • 6.4

    MEDIUM
    CVE-2025-55135

    In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG....

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2025-55134

    In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/js/editorManager.js....

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2025-55133

    In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js....

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.0

    HIGH
    CVE-2025-47907

    Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition ...

    Affected Products : go
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Race Condition
  • 6.6

    MEDIUM
    CVE-2025-44779

    An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull....

    Affected Products : ollama
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal
  • 3.7

    LOW
    CVE-2024-56339

    IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration....

    Affected Products : websphere_application_server
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-50952

    openjpeg v2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c....

    Affected Products : openjpeg
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-47188

    A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitizatio...

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2024-55401

    An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal....

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal
  • 6.1

    MEDIUM
    CVE-2024-52680

    EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn....

    Affected Products : eyoucms
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.9

    MEDIUM
    CVE-2025-8533

    A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result...

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authorization
  • 8.7

    HIGH
    CVE-2025-35970

    On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP acces...

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-29866

    External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows Parameter Injection. This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035....

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal
  • 4.0

    MEDIUM
    CVE-2025-32094

    An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a ...

    Affected Products : akamaighost
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
  • 4.3

    MEDIUM
    CVE-2025-8583

    Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)...

    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration
  • 4.3

    MEDIUM
    CVE-2025-8582

    Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)...

    • Published: Aug. 07, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Misconfiguration
  • 4.3

    MEDIUM
    CVE-2025-8581

    Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)...

    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-8580

    Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)...

    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292803 Results