Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-9074

    A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Iso... Read more

    Affected Products : desktop
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-7768

    Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially mod... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-5777

    Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server... Read more

    • Actively Exploited
    • Published: Jun. 17, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-54792

    LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discover... Read more

    Affected Products : localsend
    • Published: Aug. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-54726

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-54669

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a through n/a.... Read more

    Affected Products : mapsvg
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-54120

    PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-53696

    iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected.... Read more

    Affected Products : istar_ultra_firmware
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-52832

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search allows SQL Injection. This issue affects NGG Smart Image Search: from n/a through 3.4.1.... Read more

    Affected Products : ngg_smart_image_search
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-52829

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DirectIQ DirectIQ Email Marketing allows SQL Injection. This issue affects DirectIQ Email Marketing: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-52830

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bsecuretech bSecure – Your Universal Checkout allows Blind SQL Injection. This issue affects bSecure – Your Universal Checkout: from n/a thro... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-52834

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey allows SQL Injection. This issue affects Homey: from n/a through 2.4.5.... Read more

    Affected Products : homey
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-52556

    rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cryptography

  • 9.3

    CRITICAL
    CVE-2025-4568

    Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks.... Read more

    Affected Products :
    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-4009

    The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup netw... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-49151

    The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-48274

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.3.2.... Read more

    Affected Products : wp_job_portal
    • Published: Jun. 17, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-48283

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support allows SQL Injection. This issue affects Majestic Support: from n/a through 1.1.0.... Read more

    Affected Products : majestic_support
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-48057

    Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked in... Read more

    Affected Products : icinga
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-47599

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante allows SQL Injection. This issue affects Facturante: from n/a through 1.11.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
Showing 20 of 292871 Results