Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4688

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection.This issue affects SINAV.LINK Exam Result Module: before 1.2.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-2404

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ubit Information Technologies STOYS allows Cross-Site Scripting (XSS).This issue affects STOYS: from 2 through 20250916.  NOTE: The vendor did no... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-26710

    There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration of the access control mechanism, attackers can obtain information through interfaces without authorization, causing the risk of information disclosure.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Information Disclosure

  • 2.3

    LOW
    CVE-2025-10316

    The extension "Form to Database" is susceptible to Cross-Site Scripting. This issue affects the following versions: before 2.2.5, from 3.0.0 before 3.2.2, from 4.0.0 before 4.2.3, from 5.0.0 before 5.0.2.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2025-43798

    Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOT... Read more

    Affected Products : dxp
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-6999

    An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects Firew... Read more

    Affected Products : fireware_os
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.6

    MEDIUM
    CVE-2025-59056

    FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the m... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-9566

    There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful atta... Read more

    Affected Products : enterprise_linux libssh
    • Published: Sep. 05, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2023-3652

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: before 11.... Read more

    Affected Products : digital_ant
    • Published: Aug. 08, 2023
    • Modified: Sep. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-3651

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 11.... Read more

    Affected Products : digital_ant
    • Published: Aug. 08, 2023
    • Modified: Sep. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-10443

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote ... Read more

    • Published: Nov. 15, 2024
    • Modified: Sep. 16, 2025

  • 7.8

    HIGH
    CVE-2025-43277

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.8. Processing a maliciously crafted audio file may lead to memory corruption.... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jul. 30, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-43273

    A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8. A sandboxed process may be able to circumvent sandbox restrictions.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-7129

    The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to remote code Execution by high privilege such as admins... Read more

    Affected Products : simply_schedule_appointments
    • Published: Sep. 13, 2024
    • Modified: Sep. 15, 2025

  • 5.3

    MEDIUM
    CVE-2024-48075

    A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Sep. 15, 2025

  • 7.8

    HIGH
    CVE-2024-44092

    There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Sep. 13, 2024
    • Modified: Sep. 15, 2025

  • 5.4

    MEDIUM
    CVE-2023-35006

    IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more

    Affected Products : cpe security_qradar_edr
    • Published: Jul. 10, 2024
    • Modified: Sep. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-43020

    OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.... Read more

    Affected Products : opencats
    • Published: Oct. 19, 2022
    • Modified: Sep. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-43019

    OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.... Read more

    Affected Products : opencats
    • Published: Oct. 19, 2022
    • Modified: Sep. 15, 2025

  • 7.8

    HIGH
    CVE-2025-9174

    A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed loca... Read more

    Affected Products : shc
    • Published: Aug. 19, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection
Showing 20 of 294287 Results