Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-56731

    Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can exec... Read more

    Affected Products : gogs
    • Published: Jun. 24, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-6560

    Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.  The affected mo... Read more

    Affected Products : br270n_firmware brc76n_firmware
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-6559

    Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The affected models are out of support; replacing the device ... Read more

    Affected Products : br270n_firmware brc76n_firmware
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-6552

    A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument re... Read more

    Affected Products : hope-boot
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-52574

    SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-52560

    Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is unset (d... Read more

    Affected Products : kanboard
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 4.1

    MEDIUM
    CVE-2025-48470

    Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, o... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-48469

    Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-48468

    Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-48467

    Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-48466

    Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-48463

    Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tamp... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cryptography

  • 4.2

    MEDIUM
    CVE-2025-48462

    Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Denial of Service

  • 5.0

    MEDIUM
    CVE-2025-48461

    Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and res... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-6551

    A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site ... Read more

    Affected Products : hope-boot
    • Published: Jun. 24, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-6536

    A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipulation leads to reachable assertion. Attacking locally i... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Denial of Service

  • 10.0

    CRITICAL
    CVE-2025-34041

    An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicio... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-34040

    An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated durin... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-34039

    A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary ... Read more

    Affected Products : ufida-nc
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-34038

    A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through t... Read more

    Affected Products :
    • Published: Jun. 24, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection
Showing 20 of 292802 Results