Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by vulnerability severity, by whether it is actively exploited (i.e. on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2025-53656

    Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission o...

    Affected Products : readyapi_functional_testing
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-53661

    Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

    Affected Products : testsigma_test_plan_run
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-53662

    Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller fil...

    Affected Products : ifttt_build_notifier
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-53663

    Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controll...

    Affected Products : ibm_cloud_devops
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-51630

    TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules.

    Affected Products : n350rt_firmware n350rt
    • Published: Jul. 17, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-20674

    In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Pat...

    • Published: Jun. 02, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authentication
  • 9.5

    CRITICAL
    CVE-2025-4318

    The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code...

    • Published: May. 05, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.0

    HIGH
    CVE-2025-7747

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The manipulation of the argument PPW leads to buffer overflow.

    Affected Products : fh451_firmware fh451
    • Published: Jul. 17, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-7749

    A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /admin/getmanagerregion.php. The manipulation of the argument city leads to sq...

    Affected Products : online_appointment_booking_system
    • Published: Jul. 17, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2025-7095

    A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the ...

    Affected Products : internet_security
    • Published: Jul. 06, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration
  • 8.4

    HIGH
    CVE-2025-53367

    DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays ...

    Affected Products : djvulibre
    • Published: Jul. 03, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Memory Corruption
  • 7.6

    HIGH
    CVE-2025-33104

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit...

    • Published: May. 14, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.2

    MEDIUM
    CVE-2025-20965

    Improper handling of insufficient permission in Bixby wakeup prior to version 2.3.74.8 allows local attackers to access sensitive data.

    Affected Products : bixby
    • Published: May. 07, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-47229

    libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers a call from src/data/dictionary.c code into src/data/var...

    Affected Products : pspp
    • Published: May. 03, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service
  • 4.1

    MEDIUM
    CVE-2025-27907

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other atta...

    • Published: Apr. 22, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Server-Side Request Forgery
  • 7.1

    HIGH
    CVE-2025-2958

    A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial ...

    Affected Products : tew-818dru_firmware tew-818dru
    • Published: Mar. 30, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-47784

    Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause `str_replace` to replace the value of `name_orig` with empty, causing deserializatio...

    Affected Products : emlog
    • Published: May. 15, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-7096

    A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation leads to improper validation ...

    Affected Products : internet_security
    • Published: Jul. 06, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration
  • 6.9

    MEDIUM
    CVE-2025-53924

    Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to i...

    Affected Products : emlog
    • Published: Jul. 16, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.3

    HIGH
    CVE-2025-53908

    RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged user...

    • Published: Jul. 16, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Path Traversal