Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.0

    LOW
    CVE-2025-47820

    Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cryptography

  • 6.4

    MEDIUM
    CVE-2025-47819

    Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 2.2

    LOW
    CVE-2025-47818

    Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-6738

    A vulnerability, which was classified as critical, has been found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this issue is the function userDao.selectUserByUserNameLike of the file UserServiceImpl.java. The m... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6736

    A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. T... Read more

    Affected Products : cms
    • Published: Jun. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-6735

    A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack r... Read more

    Affected Products : cms
    • Published: Jun. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2025-6734

    A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the file /goform/formP2PLimitConfig of the component API. The manipulation of the argument except leads to buffer ... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6733

    A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument Group... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3699

    Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Ver... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authentication

  • 9.0

    HIGH
    CVE-2025-6732

    A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It ... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-6731

    A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to pa... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal

  • 6.2

    MEDIUM
    CVE-2025-5731

    A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.... Read more

    • Published: Jun. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 3.9

    LOW
    CVE-2015-0849

    pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.... Read more

    Affected Products : pycode-browser
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025

  • 9.8

    CRITICAL
    CVE-2015-0843

    yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.... Read more

    Affected Products : yubiserver
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2015-0842

    yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.... Read more

    Affected Products : yubiserver
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52555

    Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root... Read more

    Affected Products : ceph
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2014-7210

    pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.... Read more

    Affected Products : debian_linux pdns
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2014-6274

    git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they... Read more

    Affected Products : git-annex
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2014-0468

    Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.... Read more

    Affected Products : fusionforge
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 4.6

    MEDIUM
    CVE-2025-5995

    Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper directory permissions vulnerability. Exploitation of this vulnerability requires administrator access by a malicious user. An attacker could modify the director... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292811 Results