Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-30477

    Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.... Read more

    Affected Products : powerscale_onefs
    • Published: Jul. 21, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-7930

    A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /members/add_members.php. The manipulation of the argument mobile leads to sql ... Read more

    Affected Products : church_donation_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7929

    A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /members/edit_Members.php. The manipulation of the argument fname leads to sql injection. It is possible... Read more

    Affected Products : church_donation_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 4.6

    MEDIUM
    CVE-2025-52374

    Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.... Read more

    Affected Products : hmailserver
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography

  • 4.6

    MEDIUM
    CVE-2025-52373

    Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.... Read more

    Affected Products : hmailserver
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography

  • 5.1

    MEDIUM
    CVE-2025-52372

    An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components.... Read more

    Affected Products : hmailserver
    • Published: Jul. 21, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-44658

    In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tr... Read more

    Affected Products : rax30_firmware rax30
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 3.9

    LOW
    CVE-2025-44657

    In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for i... Read more

    Affected Products : ea6350_firmware ea6350
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-44655

    In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal n... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-44651

    In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected.... Read more

    Affected Products : tpl-430ap_firmware tpl-430ap
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-44650

    In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-44647

    In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline att... Read more

    Affected Products : tew-wlc100p_firmware tew-wlc100p
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-55040

    Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET requests to /@.xml, placing payloads in the g7200, g7300, g4601, and g1F02 parameters.... Read more

    Affected Products : web600_firmware web600
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-7928

    A vulnerability was found in code-projects Church Donation System 1.0 and classified as critical. This issue affects some unknown processing of the file /members/edit_user.php. The manipulation of the argument firstname leads to sql injection. The attack ... Read more

    Affected Products : church_donation_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7927

    A vulnerability has been found in PHPGurukul Online Banquet Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. Th... Read more

    Affected Products : online_banquet_booking_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-46123

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest password to memor... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-46122

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46121

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A re... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-46120

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates o... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2025-46119

    An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where an authenticated request to the management endpoint `/admin/_cmdstat.jsp` discloses the administrato... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291360 Results