Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-50181

    urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users ... Read more

    Affected Products : urllib3
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-24291

    The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an att... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-24288

    The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-24287

    A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.... Read more

    Affected Products :
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-24286

    A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Jun. 19, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-23173

    The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces sign... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-23172

    The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP req... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.2

    HIGH
    CVE-2025-23171

    The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-23170

    The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user ... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-23169

    The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to ... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-23168

    The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-23121

    A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Jun. 19, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-45208

    The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versi... Read more

    Affected Products : versa_director
    • Published: Jun. 19, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-49591

    CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain a... Read more

    Affected Products : cryptpad
    • Published: Jun. 18, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-49590

    CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before ... Read more

    Affected Products : cryptpad
    • Published: Jun. 18, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-26199

    CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based... Read more

    Affected Products : cloudclassroom-php_project
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-6192

    Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jun. 18, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-6191

    Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jun. 18, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-29646

    An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and (teid = 0 or teid >= ogs_pfcp_pdr_teid_pool.size).... Read more

    Affected Products : open5gs
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-26198

    CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows una... Read more

    Affected Products : cloudclassroom-php_project
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection
Showing 20 of 292768 Results