Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2025-55888

    Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encode... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-22427

    In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileg... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-22419

    In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction ... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-8061

    A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Le... Read more

    • Published: Sep. 11, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-55618

    In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.... Read more

    Affected Products : navigation
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-56295

    code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions.... Read more

    Affected Products : computer_laboratory_system
    • Published: Sep. 16, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-52907

    Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.... Read more

    Affected Products : x6000r_firmware
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-23257

    NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-54911

    Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 15, 2025

  • 7.3

    HIGH
    CVE-2025-23258

    NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2024-48842

    Use of Hard-coded Credentials vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5 and newer versions... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-47909

    Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit ... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.3

    HIGH
    CVE-2025-56630

    FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Column.php file.... Read more

    Affected Products : foxcms
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-22417

    In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-9905

    The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be execute... Read more

    Affected Products : keras
    • Published: Sep. 19, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Supply Chain

  • 7.3

    HIGH
    CVE-2025-5808

    Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from before 4.8 patch 3.... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-58062

    LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently ac... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-57248

    A null pointer dereference vulnerability was discovered in SumatraPDF 3.5.2 during the processing of a crafted .djvu file. When the file is opened, the application crashes inside libmupdf.dll, specifically in the DataPool::has_data() function.... Read more

    Affected Products : sumatrapdf
    • Published: Sep. 15, 2025
    • Modified: Sep. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-54116

    Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025

  • 7.3

    HIGH
    CVE-2025-53396

    Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization
Showing 20 of 4387 Results