Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-54139

    HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other... Read more

    Affected Products : haxcms-php haxcms-nodejs haxcms-php
    • Published: Jul. 23, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 2.0

    LOW
    CVE-2025-43489

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 2.0

    LOW
    CVE-2025-43488

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed the issue in the ... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-43487

    A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software upd... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-43486

    A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the lat... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-43485

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials from the log files. HP has addressed the issue in the lat... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 6.0

    MEDIUM
    CVE-2025-43484

    A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issu... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-43483

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 7.3

    HIGH
    CVE-2025-43022

    A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow a privileged user to execute SQL commands. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2025-43021

    A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2025-43020

    A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. HP has addressed the issue in the latest software update.... Read more

    Affected Products : poly_clariti_manager_firmware
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8011

    Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: Jul. 22, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-8010

    Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: Jul. 22, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-7766

    Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2025-54141

    ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesyst... Read more

    Affected Products : viewvc
    • Published: Jul. 22, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-54140

    pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker ... Read more

    Affected Products : pyload
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-54138

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpo... Read more

    Affected Products : librenms
    • Published: Jul. 22, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-54137

    HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys... Read more

    Affected Products : haxcms-php haxcms-nodejs
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-54072

    yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder (or {}), insufficient sanitization is applied to the expanded filepath, allowing for rem... Read more

    Affected Products : yt-dlp
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-53703

    DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography
Showing 20 of 291335 Results