Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-7797

    A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null poi... Read more

    Affected Products : gpac
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 9.0

    HIGH
    CVE-2025-7796

    A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. It is possible ... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7795

    A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflo... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-53901

    Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is trig... Read more

    Affected Products : wasmtime
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-52168

    Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-52166

    Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-52164

    Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    HIGH
    CVE-2025-7794

    A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. ... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7793

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads to stack-based buffer overflow. It is possible t... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7792

    A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attac... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2025-7783

    Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.... Read more

    Affected Products : form-data
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-53762

    Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : purview office_purview
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-52162

    agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: XML External Entity

  • 6.5

    MEDIUM
    CVE-2025-50586

    StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF).... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.9

    CRITICAL
    CVE-2025-49747

    Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_machine_learning
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-49746

    Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_machine_learning
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-47995

    Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_machine_learning
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 9.0

    CRITICAL
    CVE-2025-47158

    Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_devops
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-45157

    Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-45156

    Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291526 Results