Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-53498

    Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-53495

    Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-53488

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - WikiHiero Extension allows Stored XSS.This issue affects Mediawiki - WikiHiero Extension: from 1.43.X before 1.43... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-53478

    The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension:... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-7139

    A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /panel/edit-customer-detailed.php of the component Update Customer Details Page. The man... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-7138

    A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/admin-profile.php. The manipulation of the argument adminname leads to sql injection... Read more

    Affected Products : best_salon_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 8.1

    HIGH
    CVE-2025-53536

    Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 2.1

    LOW
    CVE-2025-53535

    Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-lin... Read more

    Affected Products : better_auth
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-20325

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-20324

    In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwri... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-20323

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is bec... Read more

    Affected Products : splunk
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-20322

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a ... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-20321

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.3

    HIGH
    CVE-2025-20320

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2025-20319

    In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input san... Read more

    Affected Products : splunk
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-20300

    In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only acces... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Jul. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2024-43190

    IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.... Read more

    • Published: Jul. 07, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2024-37658

    An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.... Read more

    Affected Products : gnuboard
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2024-37657

    An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component.... Read more

    Affected Products : gnuboard
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2024-37656

    An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.... Read more

    Affected Products : gnuboard
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291275 Results