Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-5818

    The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.4 via the fip_get_image_options() function. This makes it possible for authenticated atta... Read more

    Affected Products : featured_image_plus
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-5753

    The Valuation Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-8060

    A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to... Read more

    Affected Products : ac23_firmware ac23
    • Published: Jul. 23, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-54120

    PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-54139

    HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other... Read more

    Affected Products : haxcms-php haxcms-nodejs haxcms-php
    • Published: Jul. 23, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 2.0

    LOW
    CVE-2025-43489

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 2.0

    LOW
    CVE-2025-43488

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the ... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-43487

    A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software upd... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-43486

    A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the lat... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-43485

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials from the log files. HP has addressed the issue in the lat... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 6.0

    MEDIUM
    CVE-2025-43484

    A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issu... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-43483

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 7.3

    HIGH
    CVE-2025-43022

    A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow a privileged user to execute SQL commands. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2025-43021

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2025-43020

    A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8011

    Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-8010

    Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: Jul. 22, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-7766

    Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2025-54141

    ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesyst... Read more

    Affected Products : viewvc
    • Published: Jul. 22, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-54140

    pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker ... Read more

    Affected Products : pyload
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291219 Results