Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-4685

    The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML data attributes of multiple widgets, in all versions up to, and including, 3.4.8 due to insufficient input s... Read more

    Affected Products : gutentor
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-7369

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possib... Read more

    Affected Products : shortcodes_ultimate
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2025-41674

    A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.... Read more

    Affected Products : mbnet.mini_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-41676

    A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.... Read more

    Affected Products : mbnet.mini_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2025-41677

    A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.... Read more

    Affected Products : mbnet.mini_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-41678

    A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.... Read more

    Affected Products : mbnet.mini_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-41679

    An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.... Read more

    Affected Products : mbnet.mini_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-41458

    Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem.... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cryptography

  • 4.4

    MEDIUM
    CVE-2025-2301

    Authorization Bypass Through User-Controlled Key vulnerability in Akbim Software Online Exam Registration allows Exploitation of Trusted Identifiers.This issue affects Online Exam Registration: before 14.03.2025.... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-30192

    An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS en... Read more

    Affected Products : recursor
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-41100

    Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged in the application and even if the access permissions have been revoked.... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-4040

    Authorization Bypass Through User-Controlled Key vulnerability in Turpak Automatic Station Monitoring System allows Privilege Escalation.This issue affects Automatic Station Monitoring System: before 5.0.6.51.... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2024-13973

    A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.... Read more

    Affected Products : firewall firewall_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2024-13974

    A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.... Read more

    Affected Products : firewall firewall_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-6235

    In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inj... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-7382

    A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user i... Read more

    Affected Products : firewall firewall_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7624

    An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than ... Read more

    Affected Products : firewall firewall_firmware
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-7864

    A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted uploa... Read more

    Affected Products : jeesite
    • Published: Jul. 20, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-7495

    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products : wp-members
    • Published: Jul. 22, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-7705

    : Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500.This issue affects Switch Actuator 4 DU-83330: All Versions; Switch actuator, door/light 4 DU -83330-500: All Versions.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291384 Results