Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-9276

    Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-reques... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-36162

    IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system.... Read more

    Affected Products : urbancode_deploy
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-57777

    There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a u... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-57775

    There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to o... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-9219

    The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check... Read more

    Affected Products : post_smtp
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2024-13063

    Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft MyRezzta allows Forceful Browsing.This issue affects MyRezzta: from s2.02.02 before v2.05.01.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-1740

    Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.This issue affects MyRezzta: from s2.03.01 before v2.05.01.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-58351

    Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CSP byp... Read more

    Affected Products : outline
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2024-13066

    Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking.This issue affects LimonDesk: from s1.02.14 before v1.02.17.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-9828

    A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is charact... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-21030

    Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 2.1

    LOW
    CVE-2025-41000

    Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the b... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-32444

    Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-58210

    Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through 1.8.5.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-13064

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting (XSS).This issue affects MyRezzta: from s2.02.02 before v2.05.01.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2025-9821

    SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. Impact... Read more

    Affected Products : mautic
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-9836

    A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. The attack can be launched remotely. The ... Read more

    Affected Products : mall
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-9785

    PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signe... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2023-3666

    The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2023-21481

    Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.... Read more

    Affected Products : account
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3972 Results