Latest CVE Feed
- 5.5 MEDIUM CVE-2025-0913
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a syml...
- Published: Jun. 11, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Misconfiguration
- 7.2 HIGH CVE-2025-6002
An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execut...
- Affected Products: virtuemart
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Misconfiguration
- 8.3 HIGH CVE-2025-6001
A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the Vir...
- Affected Products: virtuemart
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Cross-Site Request Forgery
- 6.8 MEDIUM CVE-2025-4673
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information....
- Affected Products: go
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Information Disclosure
- 7.0 HIGH CVE-2025-40915
Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function....
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Cryptography
- 7.5 HIGH CVE-2025-22874
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon....
- Affected Products: go
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Cryptography
- 2.8 LOW CVE-2025-1699
An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access....
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authorization
- 2.8 LOW CVE-2025-1698
Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service....
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Denial of Service
- 6.3 MEDIUM CVE-2025-26383
The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on....
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Information Disclosure
- 7.3 HIGH CVE-2025-49148
ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory bef...
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Misconfiguration
- 8.2 HIGH CVE-2025-49146
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with aut...
- Affected Products: postgresql_jdbc_driver
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authentication
- 6.5 MEDIUM CVE-2025-48448
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation. This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5....
- Published: Jun. 11, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Denial of Service
- 7.1 HIGH CVE-2025-48447
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0....
- Published: Jun. 11, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Cross-Site Scripting
- 8.8 HIGH CVE-2025-48446
Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3....
- Published: Jun. 11, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Authorization
- 8.8 HIGH CVE-2025-48445
Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1....
- Published: Jun. 11, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Authorization
- 5.3 MEDIUM CVE-2025-48444
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0....
- Published: Jun. 11, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Authorization
- 5.3 MEDIUM CVE-2025-48013
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0....
- Published: Jun. 11, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Authorization
- 6.7 MEDIUM CVE-2025-3473
IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program....
- Published: Jun. 11, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Authorization
- 5.3 MEDIUM CVE-2025-0163
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts....
- Published: Jun. 11, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Information Disclosure
- 8.1 HIGH CVE-2025-4922
Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1....
- Affected Products: nomad
- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authorization