Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2014-7210

    pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.... Read more

    Affected Products : debian_linux pdns
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2014-6274

    git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they... Read more

    Affected Products : git-annex
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2014-0468

    Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.... Read more

    Affected Products : fusionforge
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 4.6

    MEDIUM
    CVE-2025-5995

    Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper directory permissions vulnerability. Exploitation of this vulnerability requires administrator access by a malicious user. An attacker could modify the director... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-53122

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection.  Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian... Read more

    Affected Products : horizon meridian
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-49592

    n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misl... Read more

    Affected Products : n8n
    • Published: Jun. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.6

    MEDIUM
    CVE-2013-1424

    Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.... Read more

    Affected Products : matplotlib
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-53121

    Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. ... Read more

    Affected Products : horizon meridian
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-52904

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users have a scope assigned, and they only have access to the ... Read more

    Affected Products : filebrowser
    • Published: Jun. 26, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 8.0

    HIGH
    CVE-2025-52903

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell command ... Read more

    Affected Products : filebrowser
    • Published: Jun. 26, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration

  • 5.2

    MEDIUM
    CVE-2025-53013

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host i... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-49603

    Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control.... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-52477

    Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal n... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-30131

    An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2024-52928

    Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.... Read more

    Affected Products : windows arc
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-6702

    A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to la... Read more

    Affected Products : litemall
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-6701

    A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirect_url leads to open redirect. The attack... Read more

    Affected Products : xxl-sso
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-6700

    A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated r... Read more

    Affected Products : xxl-sso
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-6699

    A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro de Funcionário. The manipulation of the argument Nome/So... Read more

    Affected Products : wegia
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-51671

    A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-cate... Read more

    Affected Products : dairy_farm_shop_management_system
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection
Showing 20 of 292795 Results