Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-44890

    FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_notifyv3_add_post function.... Read more

    Affected Products : wgs-804hpt_firmware wgs-804hpt
    • Published: May. 20, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-43973

    An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.... Read more

    Affected Products : gobgp
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2023-1734

    A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected is an unknown function of the file admin/products/controller.php?action=add. The manipulation of the argument image leads to unrestri... Read more

    • Published: Mar. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-43933

    fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-43964

    In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.... Read more

    Affected Products : libraw
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-44192

    SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance.... Read more

    Affected Products : simple_barangay_management_system
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-43845

    Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to change_info_ function, w... Read more

    • Published: May. 05, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-43955

    TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.... Read more

    Affected Products : convertigo
    • Published: Apr. 20, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-43984

    An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process requests. A crafted POST request, using the SSID param... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-43846

    Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_path1 variable takes user input (e.g. a path to a model) and passes it to the show_info fu... Read more

    • Published: May. 05, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-43852

    Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr functi... Read more

    • Published: May. 05, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-43982

    Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-43275

    A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2025-43232

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to bypass certain Privacy preferences.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-3831

    Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.... Read more

    Affected Products : harmony_sase
    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-43198

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-43193

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to cause a denial-of-service.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-43244

    A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2025-43199

    A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app may be able to gain root privileges.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2023-24538

    Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal... Read more

    Affected Products : go
    • Published: Apr. 06, 2023
    • Modified: Feb. 12, 2025
Showing 20 of 292781 Results