Latest CVE Feed
-
9.1
CRITICAL CVE-2025-49591
CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain a...
Affected Products: cryptpad
- Published: Jun. 18, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Authentication
-
6.1
MEDIUM CVE-2025-49590
CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before ...
Affected Products: cryptpad
- Published: Jun. 18, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICAL CVE-2025-26199
CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based...
Affected Products: cloudclassroom-php_project
- Published: Jun. 18, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Cryptography
-
8.8
HIGH CVE-2025-6192
Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...
- Published: Jun. 18, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGH CVE-2025-6191
Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)...
- Published: Jun. 18, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGH CVE-2025-29646
An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and (teid = 0 or teid >= ogs_pfcp_pdr_teid_pool.size)....
Affected Products: open5gs
- Published: Jun. 18, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICAL CVE-2025-26198
CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows una...
Affected Products: cloudclassroom-php_project
- Published: Jun. 18, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-20260
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability...
Affected Products: clamav
- Published: Jun. 18, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGH CVE-2025-20271
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an a...
- Published: Jun. 18, 2025
- Modified: Jun. 23, 2025
- Vuln Type: Denial of Service
-
7.5
HIGH CVE-2025-20234
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scann...
- Published: Jun. 18, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUM CVE-2025-1349
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus...
- Published: Jun. 18, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Cross-Site Scripting
-
4.0
MEDIUM CVE-2025-1348
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy....
- Published: Jun. 18, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUM CVE-2024-54172
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user t...
- Published: Jun. 18, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.5
HIGH CVE-2025-4821
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by ...
Affected Products: quiche
- Published: Jun. 18, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUM CVE-2025-4820
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by ...
Affected Products: quiche
- Published: Jun. 18, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
7.8
HIGH CVE-2025-44952
A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than...
Affected Products: open5gs
- Published: Jun. 18, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGH CVE-2025-44951
A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dev` field with a value with length greater than 32...
Affected Products: open5gs
- Published: Jun. 18, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGH CVE-2025-36049
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands....
- Published: Jun. 18, 2025
- Modified: Aug. 13, 2025
- Vuln Type: XML External Entity
-
7.2
HIGH CVE-2025-36048
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges....
- Published: Jun. 18, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Authorization
-
5.4
MEDIUM CVE-2024-54183
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alte...
- Published: Jun. 18, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Cross-Site Scripting