Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.9

    HIGH
    CVE-2025-53818

    GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerabi... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-53643

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version... Read more

    Affected Products : aiohttp
    • Published: Jul. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-53640

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could... Read more

    Affected Products : indico
    • Published: Jul. 14, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-53639

    MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statem... Read more

    Affected Products : metersphere
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-53623

    The Job Iteration API is an an extension for ActiveJob that make jobs interruptible and resumable Versions prior to 1.11.0 have an arbitrary code execution vulnerability in the `CsvEnumerator` class. This vulnerability can be exploited by an attacker to e... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2025-53101

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename temp... Read more

    Affected Products : imagemagick
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2025-53019

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename templ... Read more

    Affected Products : imagemagick
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-53015

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.... Read more

    Affected Products : imagemagick
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.5

    MEDIUM
    CVE-2025-7628

    A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads ... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-7627

    A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the function fileUpload of the file /fileUpload. The manipulation of the argument File leads ... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-53014

    ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that caus... Read more

    Affected Products : imagemagick
    • Published: Jul. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-52363

    Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative... Read more

    Affected Products : cp3_pro_firmware cp3_pro
    • Published: Jul. 14, 2025
    • Modified: Aug. 02, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-7626

    A vulnerability has been found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this vulnerability is the function onlinePreview of the file /onlinePreview. The manipulation of the a... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-7625

    A vulnerability, which was classified as critical, was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function Download of the file /download. The manipulation of the argument url leads to path tra... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-51660

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-51659

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-51658

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-51657

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-51656

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-51655

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.... Read more

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
Showing 20 of 291295 Results