Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-52936

    Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2025-52935

    Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.... Read more

    Affected Products : dragonfly
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.4

    HIGH
    CVE-2025-27387

    OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.... Read more

    Affected Products : coloros
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Information Disclosure

  • 9.6

    CRITICAL
    CVE-2024-45347

    An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim’s device.... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-3511

    An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a s... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-6503

    A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/fetchSelectedCategories.php. The manipulation of the argument categoriesId leads to s... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 23, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6502

    A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 23, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6501

    A vulnerability, which was classified as critical, was found in code-projects Inventory Management System 1.0. This affects an unknown part of the file /php_action/createCategories.php. The manipulation of the argument categoriesStatus leads to sql inject... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 23, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6500

    A vulnerability, which was classified as critical, has been found in code-projects Inventory Management System 1.0. Affected by this issue is some unknown functionality of the file /php_action/editCategories.php. The manipulation of the argument editCateg... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 23, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-6499

    A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipulation leads to heap-based buffer overflow. The attack ne... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-6498

    A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit ha... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-6497

    A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The e... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 2.7

    LOW
    CVE-2025-52926

    In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface.... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025

  • 4.8

    MEDIUM
    CVE-2025-6496

    A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to ... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-6494

    A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-bas... Read more

    Affected Products : nokogiri
    • Published: Jun. 22, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-6493

    A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular ex... Read more

    Affected Products : codemirror
    • Published: Jun. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-6492

    A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient r... Read more

    Affected Products : marktext
    • Published: Jun. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-6490

    A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based ... Read more

    Affected Products : nokogiri
    • Published: Jun. 22, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-6489

    A vulnerability has been found in itsourcecode Agri-Trading Online Shopping System 1.0 and classified as critical. This vulnerability affects unknown code of the file /transactionsave.php. The manipulation of the argument del leads to sql injection. The a... Read more

    • Published: Jun. 22, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-6487

    A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The at... Read more

    • Published: Jun. 22, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293351 Results