Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    CVSS31
    CVE-2025-27025

    The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target ...

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 8.8

    CVSS31
    CVE-2025-6463

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including...

    Affected Products : forminator_forms
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 8.8

    CVSS31
    CVE-2025-6940

    A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the a...

    Affected Products : a702r_firmware
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025
  • 8.8

    CVSS31
    CVE-2025-6459

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate f...

    Affected Products : ads_pro
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 8.8

    CVSS31
    CVE-2025-3848

    The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 1.1.0 to 2.7.13. This is due to the plugin not properly validating a user's identity prior to ...

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 8.8

    CVSS31
    CVE-2025-45080

    YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communications, possibly allowing attackers to execute a man-in-the-middle attack....

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025
  • 8.8

    CVSS31
    CVE-2025-45081

    Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data....

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025
  • 8.4

    CVSS31
    CVE-2025-36630

    In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege....

    Affected Products : nessus
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 8.2

    CVSS31
    CVE-2025-6297

    It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files ...

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025
  • 8.1

    CVSS31
    CVE-2025-4946

    The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax() function in all versions up to, and including, 1.9.32. This makes it possible for authenticated...

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 8.1

    CVSS31
    CVE-2025-4380

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsa_template' parameter of the `bsa_preview_callback` function. This makes it p...

    Affected Products : ads_pro
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 7.8

    CVSS31
    CVE-2024-46992

    Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypa...

    Affected Products : electron
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025
  • 7.5

    CVSS31
    CVE-2025-37098

    A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646....

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025
  • 7.5

    CVSS31
    CVE-2025-4381

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’ variable of the getSpace() function in all versions up to, and including, 4.89 due to insufficient escaping on the user supp...

    Affected Products : ads_pro
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 7.5

    CVSS31
    CVE-2025-6437

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of...

    Affected Products : ads_pro
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 7.5

    CVSS31
    CVE-2025-53107

    @cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an at...

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025
  • 7.5

    CVSS31
    CVE-2025-6464

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entry_delete_upload_files' funct...

    Affected Products : forminator_forms
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 7.5

    CVSS31
    CVE-2025-27022

    A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authentic...

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
  • 7.5

    CVSS31
    CVE-2025-37097

    A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service...

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025
  • 7.5

    CVSS31
    CVE-2025-5339

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsa_pro_id’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied par...

    Affected Products : ads_pro
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
© cvefeed.io
Latest DB Update: Jul. 02, 2025 22:27