Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-50581

    MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-7805

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-7803

    A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross sit... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2025-54310

    qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp.... Read more

    Affected Products : qbittorrent
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-50708

    An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to obtain sensitive information via the token component in the shared chat URL... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-50584

    StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-7802

    A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument Search leads to cross sit... Read more

    Affected Products : complaint_management_system
    • Published: Jul. 18, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-7801

    A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. The manipulation of the argument cstid leads to sql injection... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-7800

    A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argum... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-7798

    A vulnerability classified as critical has been found in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System up to 8.2. This affects an unknown part of the file /admin/system/structure/getdirectorydata/web/baseinfo/companyMana... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-54309

    CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.... Read more

    Affected Products : crushftp
    • Actively Exploited
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-52169

    agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-52163

    A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This ca... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-50585

    StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-33014

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information... Read more

    • Published: Jul. 18, 2025
    • Modified: Aug. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-7797

    A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null poi... Read more

    Affected Products : gpac
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 9.0

    HIGH
    CVE-2025-7796

    A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. It is possible ... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7795

    A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflo... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-53901

    Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is trig... Read more

    Affected Products : wasmtime
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-52168

    Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization
Showing 20 of 291401 Results