Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2025-9402

    A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request f... Read more

    Affected Products : usualtoolcms
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.3

    HIGH
    CVE-2025-5191

    An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a ma... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-36174

    IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.... Read more

    Affected Products : integrated_analytics_system
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-36157

    IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.... Read more

    Affected Products : jazz_foundation
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-44178

    DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its configuration via the UPnP protocol WAN ... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-9385

    A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. Th... Read more

    Affected Products : tcpreplay
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-6737

    Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-9410

    A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-9399

    A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The expl... Read more

    Affected Products : yifang
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-9386

    A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The ... Read more

    Affected Products : tcpreplay
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-53118

    An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2025-8997

    An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-9411

    A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection. The a... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-9413

    A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/system_router.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remote... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-54301

    A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-9409

    A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversa... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-5302

    A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to ... Read more

    Affected Products : llamaindex
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-51281

    D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long va... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Denial of Service

  • 3.8

    LOW
    CVE-2025-3456

    On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-... Read more

    Affected Products : eos
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-9415

    A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload. The attack is possible to be carried out ... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3917 Results