Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    CVSS31
    CVE-2025-49491

    Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat modules) allows Resource Leak Exposure. This vulnerability is associated with program files traffic_stat/traffic_service/traffic_service.C... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025

  • 5.4

    CVSS31
    CVE-2025-49481

    Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router modules allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pbwork-queue.C. This issue affects Falcon_Linux、Kestrel、Lapwing_... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025

  • 5.4

    CVSS31
    CVE-2025-49482

    Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr098.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025

  • 5.4

    CVSS31
    CVE-2025-49483

    Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr069_uci.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before ... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025

  • 5.4

    CVSS31
    CVE-2025-46259

    Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7.... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025

  • 5.4

    CVSS31
    CVE-2025-6725

    In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 5.3

    CVSS31
    CVE-2025-6920

    A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authenti... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025

  • 5.3

    CVSS31
    CVE-2025-45424

    Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 5.3

    CVSS31
    CVE-2024-13451

    The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads ... Read more

    Affected Products : contact_form_builder
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 5.3

    CVSS31
    CVE-2025-46647

    A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect pr... Read more

    Affected Products : apisix
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 5.0

    CVSS31
    CVE-2025-52925

    In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812.... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 4.9

    CVSS31
    CVE-2025-27026

    A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI ... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 4.8

    CVSS31
    CVE-2025-36582

    Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to I... Read more

    Affected Products : networker
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025

  • 4.8

    CVSS31
    CVE-2025-20307

    A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability i... Read more

    Affected Products : broadworks_commpilot_application
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 4.3

    CVSS31
    CVE-2025-6951

    A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default credentials. Access to the local network is required for thi... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 01, 2025

  • 4.2

    CVSS31
    CVE-2025-24328

    Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 3.8

    CVSS31
    CVE-2025-6942

    The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.... Read more

    Affected Products : secret_server
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 3.8

    CVSS31
    CVE-2025-6943

    Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.... Read more

    Affected Products : secret_server
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025

  • 3.7

    CVSS31
    CVE-2025-6932

    A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of ha... Read more

    Affected Products :
    • Published: Jun. 30, 2025
    • Modified: Jun. 30, 2025

  • 3.7

    CVSS31
    CVE-2025-4654

    The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticat... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 02, 2025
Showing 20 of 183 Results
© cvefeed.io
Latest DB Update: Jul. 02, 2025 23:10