Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.4

    CVSS31
    CVE-2025-6248

    A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content....

    Affected Products : browser
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
  • 7.3

    CVSS31
    CVE-2025-7814

    A vulnerability classified as critical was found in code-projects Food Ordering Review System 1.0. This vulnerability affects unknown code of the file /pages/signup_function.php. The manipulation of the argument fname leads to SQL injection. The attack ca...

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 7.3

    CVSS31
    CVE-2025-7764

    A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/deletedoctorclinic.php. The manipulation of the argument clinic leads to SQL injection. It is ...

    Affected Products : online_appointment_booking_system
    • Published: Jul. 17, 2025
    • Modified: Jul. 18, 2025
  • 7.3

    CVSS31
    CVE-2025-7765

    A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation of the argument clinic leads to s...

    Affected Products : online_appointment_booking_system
    • Published: Jul. 17, 2025
    • Modified: Jul. 18, 2025
  • 7.3

    CVSS31
    CVE-2025-7757

    A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of the argument editid leads to SQL injection. The attack ca...

    Affected Products : land_record_system
    • Published: Jul. 17, 2025
    • Modified: Jul. 18, 2025
  • 7.3

    CVSS31
    CVE-2025-7801

    A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. The manipulation of the argument cstid leads to SQL injection...

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 7.1

    CVSS31
    CVE-2025-52169

    agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability....

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 7.1

    CVSS31
    CVE-2025-23270

    NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code executio...

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
  • 7.0

    CVSS31
    CVE-2025-53945

    apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 co...

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 7.0

    CVSS31
    CVE-2025-1700

    A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software....

    Affected Products : software_fix
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
  • 6.8

    CVSS31
    CVE-2025-6233

    Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal....

    Affected Products : mattermost_server
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.7

    CVSS31
    CVE-2025-6249

    An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data....

    Affected Products : filez_client
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
  • 6.7

    CVSS31
    CVE-2024-27779

    An insufficient session expiration vulnerability [CWE-613] in FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 a...

    Affected Products : fortisandbox fortiisolator
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.7

    CVSS31
    CVE-2025-4657

    A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store, that could allow a local attacker with elevated privileges to execute arbitrary code....

    Affected Products : app_store pc_manager browser
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
  • 6.7

    CVSS31
    CVE-2025-1729

    A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges....

    Affected Products : trackpoint_quick_menu
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
  • 6.5

    CVSS31
    CVE-2025-6717

    The B1.lt plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.2.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-7784

    A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforc...

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-54078

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGI...

    Affected Products : wegia
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-52163

    A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This ca...

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-45157

    Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users....

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 18, 2025
Showing 20 of 192 Results
© cvefeed.io
Latest DB Update: Jul. 18, 2025 23:28