Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.0

    HIGH
    CVE-2025-7794

    A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. ...

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2025-7793

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads to stack-based buffer overflow. It is possible t...

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2025-7792

    A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attac...

    Affected Products : fh451_firmware fh451
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption
  • 9.4

    CRITICAL
    CVE-2025-7783

    Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3....

    Affected Products : form-data
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration
  • 9.9

    CRITICAL
    CVE-2025-53762

    Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network....

    Affected Products : purview office_purview
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-52162

    agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input....

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: XML External Entity
  • 6.5

    MEDIUM
    CVE-2025-50586

    StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF)....

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.9

    CRITICAL
    CVE-2025-49747

    Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network....

    Affected Products : azure_machine_learning
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization
  • 9.9

    CRITICAL
    CVE-2025-49746

    Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network....

    Affected Products : azure_machine_learning
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-47995

    Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network....

    Affected Products : azure_machine_learning
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication
  • 9.0

    CRITICAL
    CVE-2025-47158

    Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network....

    Affected Products : azure_devops
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-45157

    Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users....

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2025-45156

    Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users....

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2025-7791

    A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site s...

    • Published: Jul. 18, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.0

    HIGH
    CVE-2025-7790

    A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the component HTTP Request Handler. The manipulation of the argument out_addr/in_addr/out_port/proto lead...

    Affected Products : di-8100_firmware di-8100
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption
  • 6.3

    MEDIUM
    CVE-2025-7789

    A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The man...

    Affected Products : xxl-job
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cryptography
  • 9.4

    CRITICAL
    CVE-2025-54079

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the endpoint `/html/atendido/Profile_Atendido.php`, in the `idatendido` par...

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-54078

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGI...

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-54077

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao.php` endpoint of the WeGIA appli...

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-54076

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `pre_cadastro_atendido.php` endpoint of the WeGI...

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291659 Results