Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2025-54319

    An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials).... Read more

    Affected Products : weos
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-7906

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argume... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-7905

    A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attac... Read more

    Affected Products : insurance_management_system
    • Published: Jul. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-54317

    An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE).... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-54316

    An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, ma... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2025-49087

    In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Jul. 20, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-47917

    Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The do... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Jul. 20, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-48965

    Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Jul. 20, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-7904

    A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part of the file /insertNominee.php. The manipulation of the argument nominee_id leads to sql injection. It is possible t... Read more

    Affected Products : insurance_management_system
    • Published: Jul. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-7903

    A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers.... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-7902

    A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possi... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-7901

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to ... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-7898

    A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument photo leads to unres... Read more

    Affected Products : identsoft
    • Published: Jul. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-7897

    A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The manipulation leads to missing authe... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-7896

    A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traver... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-7895

    A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argu... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-46385

    CWE-918 Server-Side Request Forgery (SSRF)... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-46384

    CWE-434 Unrestricted Upload of File with Dangerous Type... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-46383

    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-46382

    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291395 Results