Latest CVE Feed
-
6.1 MEDIUM
CVE-2025-2141
IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embe...
- Affected Products :
- Published: Jul. 01, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cross-Site Scripting
-
9.8 CRITICAL
CVE-2025-6936
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /addpro.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate t...
- Affected Products : simple_pizza_ordering_system
- Published: Jul. 01, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
9.8 CRITICAL
CVE-2025-6935
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/payment_add.php. The manipulation of the argument cid leads to sql injection. The att...
- Affected Products : sales_and_inventory_system
- Published: Jul. 01, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
6.3 MEDIUM
CVE-2025-6932
A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of ha...
- Published: Jun. 30, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Misconfiguration
-
7.4 HIGH
CVE-2025-6931
A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulat...
- Published: Jun. 30, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Cryptography
-
8.8 HIGH
CVE-2025-6930
A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/manage-foreigners-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to l...
- Affected Products : zoo_management_system
- Published: Jun. 30, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
8.1 HIGH
CVE-2025-6554
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
- Actively Exploited
- Published: Jun. 30, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Memory Corruption
-
8.8 HIGH
CVE-2025-6929
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/view-normal-ticket.php. The manipulation of the argument viewid leads to sql injection. The att...
- Affected Products : zoo_management_system
- Published: Jun. 30, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
9.8 CRITICAL
CVE-2025-53004
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigge...
- Affected Products : dataease
- Published: Jun. 30, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration
-
8.8 HIGH
CVE-2025-49521
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or acce...
- Affected Products :
- Published: Jun. 30, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Injection
-
8.8 HIGH
CVE-2025-49520
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the...
- Affected Products :
- Published: Jun. 30, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Injection
-
9.3 CRITICAL
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
- Published: Jun. 30, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Authorization
-
8.8 HIGH
CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
- Affected Products : sudo
- Published: Jun. 30, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Authorization
-
7.5 HIGH
CVE-2025-52997
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication proce...
- Affected Products : filebrowser
- Published: Jun. 30, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Authentication
-
4.3 MEDIUM
CVE-2025-52996
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in po...
- Affected Products : filebrowser
- Published: Jun. 30, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Misconfiguration
-
8.0 HIGH
CVE-2025-52995
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more ...
- Affected Products : filebrowser
- Published: Jun. 30, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization
-
6.5 MEDIUM
CVE-2025-52901
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as...
- Affected Products : filebrowser
- Published: Jun. 30, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Information Disclosure
-
5.8 MEDIUM
CVE-2025-52491
Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF.
- Affected Products : cloudtest
- Published: Jun. 30, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Server-Side Request Forgery
-
5.8 MEDIUM
CVE-2025-49493
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
- Affected Products : cloudtest
- Published: Jun. 30, 2025
- Modified: Jul. 03, 2025
- Vuln Type: XML External Entity
-
8.8 HIGH
CVE-2025-36593
Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid prot...
- Affected Products :
- Published: Jun. 30, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authentication