Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-9689

    A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/item_select. The manipulation of the argument q results in sql injection. It is possible to laun... Read more

    Affected Products : advanced_school_management_system
    • Published: Aug. 30, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-30264

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerabilit... Read more

    Affected Products : quts_hero qts
    • Published: Aug. 29, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-48208

    Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom c... Read more

    Affected Products : hertzbeat
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10429

    A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_services results in sql injection. T... Read more

    • Published: Sep. 15, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-36901

    WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025

  • 8.8

    HIGH
    CVE-2025-59145

    color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload ... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Supply Chain

  • 8.8

    HIGH
    CVE-2025-58180

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arb... Read more

    Affected Products : octoprint
    • Published: Sep. 09, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-55068

    Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denia... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2023-49564

    The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-59162

    color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch vers... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Supply Chain

  • 8.8

    HIGH
    CVE-2025-54897

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 8.8

    HIGH
    CVE-2025-55422

    In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.... Read more

    Affected Products : foxcms
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-54742

    Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8.... Read more

    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-36342

    Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-53969

    Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software, such as the In-Sight Explorer tool, to perform management operations such as changing network... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-34165

    A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-9684

    A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. Remote explo... Read more

    Affected Products : i-educar
    • Published: Aug. 30, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-30036

    Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up t... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-9532

    A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has ... Read more

    Affected Products : i-educar
    • Published: Aug. 27, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-54918

    Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
Showing 20 of 4411 Results