Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2025-31267

    An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information.... Read more

    Affected Products : app_store_connect
    • Published: Jul. 10, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-1727

    The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake contro... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 9.0

    HIGH
    CVE-2025-7417

    A vulnerability has been found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this vulnerability is the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument ip leads to stac... Read more

    Affected Products : o3 o3_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7416

    A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.12(3880). Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component httpd. The manipulation of the argument Time leads to stack-based buffe... Read more

    Affected Products : o3 o3_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-6392

    Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. T... Read more

    Affected Products : brocade_sannav
    • Published: Jul. 10, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure

  • 8.0

    HIGH
    CVE-2025-53637

    Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull reque... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Supply Chain

  • 6.5

    MEDIUM
    CVE-2025-24798

    Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-7415

    A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to comma... Read more

    Affected Products : o3 o3_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7414

    A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injec... Read more

    Affected Products : o3 o3_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-6390

    Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs ar... Read more

    Affected Products : brocade_sannav
    • Published: Jul. 10, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-4662

    Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit l... Read more

    Affected Products : brocade_sannav
    • Published: Jul. 10, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-3947

    The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer d... Read more

    Affected Products : c200e_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-3946

    The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, whi... Read more

    Affected Products : c200e_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-2523

    The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, whic... Read more

    Affected Products : c200e_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-2522

    The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulatio... Read more

    Affected Products : c200e_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-2521

    The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to an Overread Buffers, which could result in improper inde... Read more

    Affected Products : c200e_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-7413

    A vulnerability classified as critical has been found in code-projects Library System 1.0. This affects an unknown part of the file /user/teacher/profile.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate ... Read more

    Affected Products : library_system
    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-7412

    A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/student/profile.php. The manipulation of the argument image leads to unrestricted upload. ... Read more

    Affected Products : library_system
    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-7021

    Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive full... Read more

    Affected Products : operator
    • Published: Jul. 10, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-53634

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not requi... Read more

    Affected Products : chall-manager
    • Published: Jul. 10, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291394 Results