Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.0

    MEDIUM
    CVE-2025-5087

    Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext cred... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-2566

    Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server.... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-53073

    In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not trea... Read more

    Affected Products : sentry
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-49147

    Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the config... Read more

    Affected Products : umbraco_cms
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.0

    MEDIUM
    CVE-2025-23260

    NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-56916

    In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript t... Read more

    Affected Products : netbox netbox
    • Published: Jun. 24, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-4378

    Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass.This issue affects ATA-AOF Mobile Application: before 20.06.20... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-56918

    In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.... Read more

    Affected Products : netbox netbox
    • Published: Jun. 24, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-6570

    A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql i... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-50699

    PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in odms/admin/view-user-queries.php.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-50695

    PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-50693

    PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference (IDOR) in odms/request-details.php.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-4383

    Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication Bypass.This issue affects Wi-Fi Cloud Hotspot: before 3... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-44531

    An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-23265

    NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Priv... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23264

    NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Priv... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2021-41691

    A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.... Read more

    Affected Products : opensis
    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-6569

    A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an unknown functionality of the file /student.php. The manipulation of the argument sname/contact/about/emailid/transcat... Read more

    Affected Products : school_fees_payment_system
    • Published: Jun. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-6568

    A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url lea... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-6567

    A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/view_application.php. The manipulation of the argument ID leads to sql... Read more

    • Published: Jun. 24, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection
Showing 20 of 292749 Results