Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-35983

    Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there i... Read more

    Affected Products : controller_7000_firmware
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-5807

    The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gwolle_gb_content’ parameter in all versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products : gwolle_guestbook
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-4406

    The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack... Read more

    Affected Products : wpforo_forum
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-6976

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escapi... Read more

    Affected Products : events_manager
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-6975

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and out... Read more

    Affected Products : events_manager
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-6970

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter ... Read more

    Affected Products : events_manager
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-0141

    An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalP... Read more

    Affected Products : globalprotect_app
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-0140

    An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit ... Read more

    Affected Products : globalprotect_app
    • Published: Jul. 09, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-0139

    An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-6377

    A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file... Read more

    Affected Products : arena
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-6376

    A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file... Read more

    Affected Products : arena
    • Published: Jul. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-53624

    The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifac... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.1

    MEDIUM
    CVE-2025-52357

    Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. Th... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.2

    CRITICAL
    CVE-2025-53620

    @builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed it dynamically load the file containing the symbol. When an invalid qfunc is sent, the server does not handle the thrown error. The error then causes Node JS t... Read more

    Affected Products : qwik
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025

  • 4.3

    MEDIUM
    CVE-2025-36599

    Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certa... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2021-27961

    evesys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via the indexeva.php action parameter.... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-53548

    Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.... Read more

    Affected Products : javascript
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-53645

    Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthenticated ... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-44525

    Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Servi... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-7381

    ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. ... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291401 Results