Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-54918

    Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025

  • 8.8

    HIGH
    CVE-2025-9663

    A vulnerability was identified in code-projects Simple Grading System 1.0. This impacts an unknown function of the file /edit_account.php of the component Admin Panel. The manipulation of the argument ID leads to sql injection. It is possible to initiate ... Read more

    • Published: Aug. 29, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-29893

    An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the followin... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56263

    by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-10016

    The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it ... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-8425

    The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_import_strings() function in all versions up to, and including, 1.1. This makes... Read more

    Affected Products : my_wp_translate
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-8300

    Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must ... Read more

    Affected Products : wi-fi_usb_driver rtl8811au
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-55227

    Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 8.8

    HIGH
    CVE-2025-55422

    In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.... Read more

    Affected Products : foxcms
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-9531

    A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Performing manipulation of the argument cod_agenda results in sql injection. It is possible t... Read more

    Affected Products : i-educar
    • Published: Aug. 27, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-58013

    Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL allows Privilege Escalation. This issue affects CouponXxL: from n/a through 4.5.0.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-9608

    A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote expl... Read more

    Affected Products : i-educar
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10814

    A vulnerability was determined in D-Link DIR-823X 240126/240802/250416. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection. The attack can be initiated ... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Sep. 22, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-58180

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arb... Read more

    Affected Products : octoprint
    • Published: Sep. 09, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-55298

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly pa... Read more

    Affected Products : imagemagick
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-58158

    Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve a... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-58756

    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in `model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True)` in monai/bundle/scripts.py , `weights_only=T... Read more

    Affected Products : medical_open_network_for_ai
    • Published: Sep. 09, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-10210

    A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The ... Read more

    Affected Products : chancms
    • Published: Sep. 10, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10592

    A security vulnerability has been detected in itsourcecode Online Public Access Catalog OPAC 1.0. This impacts an unknown function of the file mysearch.php of the component POST Parameter Handler. Such manipulation of the argument search_field/search_text... Read more

    Affected Products : online_public_access_catalog
    • Published: Sep. 17, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10419

    A security vulnerability has been detected in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /del_promote.php. Such manipulation of the argument sy leads to sql injection. The attack can be laun... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection
Showing 20 of 4391 Results