Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-58157

    gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough fo... Read more

    Affected Products : gnark-crypto gnark
    • Published: Aug. 29, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-56264

    The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.... Read more

    Affected Products : oneblog
    • Published: Sep. 16, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-55243

    Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network.... Read more

    Affected Products : officeplus
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025

  • 7.5

    HIGH
    CVE-2024-45671

    IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-53450

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP allows PHP Local File Inclusion. This issue affects Easy Pricing Table WP: from n/a through 1.1.3.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-56404

    An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation.... Read more

    Affected Products : model_context_protocol
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-58362

    Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs (e.g. Nginx locatio... Read more

    Affected Products : hono
    • Published: Sep. 05, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-56394

    Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-57086

    Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : w30e_firmware w30e
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-58608

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion. This issue affects MediaPress: from n/a through 1.5.9.1.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-10535

    This vulnerability affects Firefox < 143.... Read more

    Affected Products : firefox
    • Published: Sep. 16, 2025
    • Modified: Sep. 19, 2025

  • 7.5

    HIGH
    CVE-2025-57060

    Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : g3_firmware g3
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-59833

    Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point ded... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-10597

    A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This vulnerability affects unknown code of the file /Profilers/PriProfile/COUNT2.php. This manipulation of the argument cname causes sql injecti... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-35432

    CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes.... Read more

    Affected Products : thorium
    • Published: Sep. 17, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-58445

    Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers... Read more

    Affected Products : atlantis
    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-56562

    An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-33102

    IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : concert
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-55238

    Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability... Read more

    • Published: Sep. 04, 2025
    • Modified: Sep. 10, 2025

  • 7.5

    HIGH
    CVE-2025-0081

    In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed fo... Read more

    Affected Products : android
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4417 Results