Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-7911

    A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-ba... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Jul. 20, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-53771

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Jul. 20, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 9.0

    HIGH
    CVE-2025-7910

    A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer ove... Read more

    Affected Products : dir-513_firmware dir-513
    • Published: Jul. 20, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7909

    A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to... Read more

    Affected Products : dir-513_firmware dir-513
    • Published: Jul. 20, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7908

    A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.asp?opt=add of the component jhttpd. The manipulation of the argument mx leads to stack-based buffe... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Jul. 20, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-7907

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of ... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-54319

    An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials).... Read more

    Affected Products : weos
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-7906

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argume... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-7905

    A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attac... Read more

    Affected Products : insurance_management_system
    • Published: Jul. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-54317

    An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE).... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-54316

    An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, ma... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2025-49087

    In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Jul. 20, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-47917

    Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The do... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Jul. 20, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-48965

    Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Jul. 20, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-7904

    A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part of the file /insertNominee.php. The manipulation of the argument nominee_id leads to sql injection. It is possible t... Read more

    Affected Products : insurance_management_system
    • Published: Jul. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-7903

    A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers.... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-7902

    A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possi... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-7901

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to ... Read more

    Affected Products : ruoyi
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-7898

    A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument photo leads to unres... Read more

    Affected Products : identsoft
    • Published: Jul. 20, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-7897

    A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The manipulation leads to missing authe... Read more

    Affected Products :
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication
Showing 20 of 291741 Results