Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-45814

    Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-45424

    Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025

  • 10.0

    CRITICAL
    CVE-2025-20309

    A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root accoun... Read more

    Affected Products : unified_communications_manager
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-20307

    A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability i... Read more

    • Published: Jul. 02, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2025-6943

    Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.... Read more

    Affected Products : secret_server
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2025-6942

    The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.... Read more

    Affected Products : secret_server
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-53359

    ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification devi... Read more

    Affected Products : ethereum
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-53358

    kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the index_fn method accepts both URLs and local file paths without validation. The pipeline streams these paths direc... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-52886

    Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the... Read more

    Affected Products : poppler
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-20310

    A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI d... Read more

    Affected Products : enterprise_chat_and_email
    • Published: Jul. 02, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-20308

    A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the ex... Read more

    Affected Products : dna_spaces\ spaces_connector
    • Published: Jul. 02, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-6725

    In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-53494

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - TwoColConflict Extension allows Stored XSS.This issue affects Mediawiki - TwoColConflict Extension: from 1.39.X b... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-53493

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2025-53492

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-53110

    Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed direct... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-53109

    Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are ... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-53108

    HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform una... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-53006

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" wit... Read more

    Affected Products : dataease
    • Published: Jul. 02, 2025
    • Modified: Jul. 10, 2025

  • 6.5

    MEDIUM
    CVE-2025-52891

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the re... Read more

    Affected Products : modsecurity modsecurity
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291717 Results