Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-49142

    Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed... Read more

    Affected Products : nautobot
    • Published: Jun. 10, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2025-48937

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify ev... Read more

    Affected Products : matrix-rust-sdk
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-48879

    OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The... Read more

    Affected Products : octoprint
    • Published: Jun. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-48067

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has ... Read more

    Affected Products : octoprint
    • Published: Jun. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-47110

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fiel... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-44044

    Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into parsing maliciously crafted XML and/or DTD files can exfiltrate some files from the underlying operating system.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: XML External Entity

  • 5.4

    MEDIUM
    CVE-2025-44043

    Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can sp... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.1

    HIGH
    CVE-2025-43586

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass ... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-43585

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security m... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2025-40591

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All ... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-40585

    A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025

  • 5.9

    MEDIUM
    CVE-2025-40569

    A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2025-40568

    A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-40567

    A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.2), SCALANCE XC324-4 EEC (6GK5328-4TS00-... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-30220

    GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XM... Read more

    Affected Products : geonetwork geoserver geotools geoserver
    • Published: Jun. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity

  • 6.5

    MEDIUM
    CVE-2025-27207

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass ... Read more

    Affected Products : commerce commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-27206

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security ... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-41797

    A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-5353

    A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.... Read more

    Affected Products : workspace_control
    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2025-5335

    A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execu... Read more

    Affected Products : installer
    • Published: Jun. 10, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291551 Results