Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-55747

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7.... Read more

    Affected Products : xwiki
    • Published: Sep. 03, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-58450

    pREST (PostgreSQL REST), is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from inject... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2009-20006

    osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface allows file uploads and edits without sufficient input validation or access control. An unauthentic... Read more

    Affected Products : oscommerce
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-55748

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configu... Read more

    Affected Products : xwiki
    • Published: Sep. 03, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-34192

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cryptography

  • 9.3

    CRITICAL
    CVE-2009-20007

    Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer,... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-10364

    The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup netw... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-10365

    The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup netw... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-34184

    Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST paramet... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-55116

    A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-34186

    Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Du... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-52551

    E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system.... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-10156

    An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic R... Read more

    Affected Products : picklescan
    • Published: Sep. 17, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-7426

    Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In envir... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-34205

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/a... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-10157

    A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing ... Read more

    Affected Products : picklescan
    • Published: Sep. 17, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-34206

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker containers with overly-permissive filesystem permissions. Files ... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2011-10032

    Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-6519

    E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user.... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-34183

    Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass... Read more

    Affected Products : eve_x1_firmware eve_x1
    • Published: Sep. 16, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4293 Results