Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-41682

    An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-9663

    A vulnerability was identified in code-projects Simple Grading System 1.0. This impacts an unknown function of the file /edit_account.php of the component Admin Panel. The manipulation of the argument ID leads to sql injection. It is possible to initiate ... Read more

    • Published: Aug. 29, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-29894

    An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the followin... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-58158

    Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve a... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-58176

    Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, `transport` in the JSO... Read more

    Affected Products : dive
    • Published: Sep. 03, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-9866

    Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-9690

    A flaw has been found in SourceCodester Advanced School Management System 1.0. This affects an unknown function of the file /index.php/stock/vendordetails. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. Th... Read more

    Affected Products : advanced_school_management_system
    • Published: Aug. 30, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-55141

    Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authen... Read more

    Affected Products : connect_secure policy_secure
    • Published: Sep. 09, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-30277

    An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerabili... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-9689

    A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/item_select. The manipulation of the argument q results in sql injection. It is possible to laun... Read more

    Affected Products : advanced_school_management_system
    • Published: Aug. 30, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8299

    Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi d... Read more

    Affected Products : wi-fi_usb_driver rtl8811au
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-6685

    ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw ... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-55409

    FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code.... Read more

    Affected Products : foxcms
    • Published: Aug. 25, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-30064

    An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the Veri... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-9687

    A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote l... Read more

    Affected Products : i-educar
    • Published: Aug. 30, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-9580

    A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be la... Read more

    • Published: Aug. 28, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-9608

    A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote expl... Read more

    Affected Products : i-educar
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-46407

    A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to ov... Read more

    Affected Products : sail
    • Published: Aug. 25, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-55422

    In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.... Read more

    Affected Products : foxcms
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-48543

    In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede... Read more

    Affected Products : android
    • Actively Exploited
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3930 Results