Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-7392

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS).This issue affects Cookies Addons: from 1.0.0 before 1.2.4.... Read more

    Affected Products : cookies_addons
    • Published: Jul. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-54082

    marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated users to upload arbitrary file... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-44653

    In H3C GR2200 MiniGR1A0V100R016, the USERLIMIT_GLOBAL option is set to 0 in the /etc/bftpd.conf. This can cause DoS attacks when unlimited users are connected.... Read more

    Affected Products : gr2200_firmware gr2200
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-44649

    In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchage_mode is set to aggressive. Aggressive mode in IKE Phase 1 exposes identity information in plaintext, is vulnerable to offline dictionary attacks, and lacks ... Read more

    Affected Products : tew-wlc100p_firmware tew-wlc100p
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-43720

    Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password requires to escape out of the MDM controlled device's profile.... Read more

    Affected Products : headwind_mdm
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-36603

    Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information ... Read more

    Affected Products : appsync
    • Published: Jul. 21, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: XML External Entity

  • 6.6

    MEDIUM
    CVE-2025-32744

    Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.... Read more

    Affected Products : appsync
    • Published: Jul. 21, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2025-30477

    Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.... Read more

    Affected Products : powerscale_onefs
    • Published: Jul. 21, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-7930

    A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /members/add_members.php. The manipulation of the argument mobile leads to sql ... Read more

    Affected Products : church_donation_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7929

    A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /members/edit_Members.php. The manipulation of the argument fname leads to sql injection. It is possible... Read more

    Affected Products : church_donation_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Injection

  • 4.6

    MEDIUM
    CVE-2025-52374

    Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.... Read more

    Affected Products : hmailserver
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography

  • 4.6

    MEDIUM
    CVE-2025-52373

    Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.... Read more

    Affected Products : hmailserver
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography

  • 5.1

    MEDIUM
    CVE-2025-52372

    An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components.... Read more

    Affected Products : hmailserver
    • Published: Jul. 21, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-44658

    In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tr... Read more

    Affected Products : rax30_firmware rax30
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 3.9

    LOW
    CVE-2025-44657

    In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for i... Read more

    Affected Products : ea6350_firmware ea6350
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-44655

    In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal n... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-44651

    In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected.... Read more

    Affected Products : tpl-430ap_firmware tpl-430ap
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-44650

    In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-44647

    In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline att... Read more

    Affected Products : tew-wlc100p_firmware tew-wlc100p
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-55040

    Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via a crafted GET requests to /@.xml, placing payloads in the g7200, g7300, g4601, and g1F02 parameters.... Read more

    Affected Products : web600_firmware web600
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291526 Results