Latest CVE Feed
- 1.7 LOW CVE-2025-52884
  RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `S...
  - Published: Jun. 24, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Misconfiguration
- 5.3 MEDIUM CVE-2025-52883
  Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in...
  - Published: Jun. 24, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Authentication
- 10.0 CRITICAL CVE-2025-52572
  Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizin...
  - Published: Jun. 24, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Authentication
- 9.8 CRITICAL CVE-2025-6579
  A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /message_admin.php. The manipulation of the argument Message leads to sql injection. The attack may be ...
  - Affected Products: car_rental_system
  - Published: Jun. 24, 2025
  - Modified: Jul. 11, 2025
  - Vuln Type: Injection
- 9.8 CRITICAL CVE-2025-6578
  A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_account.php. The manipulation of the argument admin_id leads to sql ...
  - Published: Jun. 24, 2025
  - Modified: Jul. 11, 2025
  - Vuln Type: Injection
- 5.4 MEDIUM CVE-2025-6557
  Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Lo...
  - Published: Jun. 24, 2025
  - Modified: Jul. 15, 2025
  - Vuln Type: Misconfiguration
- 5.4 MEDIUM CVE-2025-6556
  Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
  - Published: Jun. 24, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Misconfiguration
- 5.4 MEDIUM CVE-2025-6555
  Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
  - Published: Jun. 24, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Memory Corruption
- 4.2 MEDIUM CVE-2025-53021
  A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the...
  - Affected Products: moodle
  - Published: Jun. 24, 2025
  - Modified: Jul. 09, 2025
  - Vuln Type: Authentication
- 7.5 HIGH CVE-2025-52888
  Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure t...
  - Published: Jun. 24, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: XML External Entity
- 8.8 HIGH CVE-2025-52882
  Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, PyCharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker...
  - Published: Jun. 24, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Misconfiguration
- 4.2 MEDIUM CVE-2025-52880
  Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epu...
  - Published: Jun. 24, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Cross-Site Scripting
- 9.6 CRITICAL CVE-2025-52571
  Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to the Telegram account of a victim, as well as full access to the server. The issue is p...
  - Published: Jun. 24, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Authentication
- 7.2 HIGH CVE-2025-52471
  ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF...
  - Affected Products: esp-idf
  - Published: Jun. 24, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Memory Corruption
- 9.3 CRITICAL CVE-2025-49853
  ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries.
  - Affected Products: control_id_idsecure
  - Published: Jun. 24, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Injection
- 8.7 HIGH CVE-2025-49852
  ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.
  - Affected Products: control_id_idsecure
  - Published: Jun. 24, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Server-Side Request Forgery
- 9.8 CRITICAL CVE-2025-49851
  ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an Improper Authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product.
  - Affected Products: control_id_idsecure
  - Published: Jun. 24, 2025
  - Modified: Jul. 02, 2025
  - Vuln Type: Authentication
- 7.1 HIGH CVE-2024-56917
  Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner in maintenance mode.
  - Published: Jun. 24, 2025
  - Modified: Jun. 30, 2025
  - Vuln Type: Cross-Site Scripting
- 9.8 CRITICAL CVE-2024-37743
  An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component.
  - Affected Products: knowledgegpt
  - Published: Jun. 24, 2025
  - Modified: Jul. 09, 2025
  - Vuln Type: Authentication
- 6.0 MEDIUM CVE-2025-5087
  Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext cred...
  - Published: Jun. 24, 2025
  - Modified: Jun. 26, 2025
  - Vuln Type: Information Disclosure