Latest CVE Feed
- CVE-2025-49151 (9.3 CRITICAL)
  The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication....
  - Affected Products:
  - Published: Jun. 25, 2025
  - Modified: Jul. 17, 2025
  - Vuln Type: Authentication
- CVE-2025-20282 (10.0 CRITICAL)
  A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerabilit...
  - Published: Jun. 25, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Authentication
- CVE-2023-44915 (7.1 HIGH)
  A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login_error parameter....
  - Affected Products:
  - Published: Jun. 25, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-6615 (9.0 HIGH)
  A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer ...
  - Published: Jun. 25, 2025
  - Modified: Jul. 14, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-6614 (9.0 HIGH)
  A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack...
  - Published: Jun. 25, 2025
  - Modified: Jul. 16, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-6612 (9.8 CRITICAL)
  A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /php_action/removeCategories.php. The manipulation of the argument categoriesId leads to SQL ...
  - Affected Products: inventory_management_system
  - Published: Jun. 25, 2025
  - Modified: Jun. 27, 2025
  - Vuln Type: Injection
- CVE-2025-6611 (9.8 CRITICAL)
  A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/createBrand.php. The manipulation of the argument brandStatus leads to SQL inject...
  - Affected Products: inventory_management_system
  - Published: Jun. 25, 2025
  - Modified: Jun. 27, 2025
  - Vuln Type: Injection
- CVE-2025-52479 (7.7 HIGH)
  HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allows the construction of URIs containing CR/LF ch...
  - Affected Products:
  - Published: Jun. 25, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Injection
- CVE-2025-50179 (4.6 MEDIUM)
  Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition...
  - Affected Products: tuleap
  - Published: Jun. 25, 2025
  - Modified: Aug. 21, 2025
  - Vuln Type: Cross-Site Request Forgery
- CVE-2025-50178 (6.6 MEDIUM)
  GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function for GitHub, the user can provide any string for the owne...
  - Affected Products:
  - Published: Jun. 25, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Path Traversal
- CVE-2025-49845 (7.5 HIGH)
  Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`...
  - Affected Products: discourse
  - Published: Jun. 25, 2025
  - Modified: Aug. 25, 2025
  - Vuln Type: Authorization
- CVE-2025-44206 (4.6 MEDIUM)
  Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264 and Hexagon HxGN OnCall Dispatch Advantage (Mobile) v10.2402 are vulnerable to Cross Site Scripting (XSS) which allows a remote authenticated attacker with access to the Broadcast (Person) fun...
  - Affected Products:
  - Published: Jun. 25, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-25905 (7.1 HIGH)
  Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter....
  - Affected Products: cadclick
  - Published: Jun. 25, 2025
  - Modified: Jul. 07, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-20281 (10.0 CRITICAL)
  A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vuln...
  - Actively Exploited
  - Published: Jun. 25, 2025
  - Modified: Jul. 30, 2025
  - Vuln Type: Authentication
- CVE-2025-20264 (6.4 MEDIUM)
  A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insuf...
  - Affected Products: identity_services_engine
  - Published: Jun. 25, 2025
  - Modified: Jul. 08, 2025
  - Vuln Type: Authorization
- CVE-2024-57708 (5.7 MEDIUM)
  An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerabil...
  - Affected Products:
  - Published: Jun. 25, 2025
  - Modified: Jul. 25, 2025
  - Vuln Type: Denial of Service
- CVE-2025-6610 (7.2 HIGH)
  A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The manipulation of the argument FirstName leads to SQL injection. It i...
  - Affected Products: employee_management_system
  - Published: Jun. 25, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Injection
- CVE-2025-6609 (8.8 HIGH)
  A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/bwdates-reports-details.php. The manipulation of the argument fromdate/todate ...
  - Affected Products: best_salon_management_system
  - Published: Jun. 25, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Injection
- CVE-2025-6608 (8.8 HIGH)
  A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /panel/edit-services.php. The manipulation of the argument editid leads to...
  - Affected Products: best_salon_management_system
  - Published: Jun. 25, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Injection
- CVE-2025-49135 (5.3 MEDIUM)
  CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project or task backup to check that the filename specified in the query parameter refe...
  - Affected Products: computer_vision_annotation_tool
  - Published: Jun. 25, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Authorization