Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-48356

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Isra Kanpress allows Stored XSS. This issue affects Kanpress: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2021-4459

    An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-43730

    Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-48311

    Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS. This issue affects Invisible Optin: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-9376

    The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the 'stopbadbots_check_wordpress_logged_in_cookie' function in ... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-53970

    SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-58072

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may be viewed by a remote unauthenticated... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-53396

    Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-9514

    A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly co... Read more

    Affected Products : mall
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-30061

    In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter.... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-54819

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, legitimate files may be overwritten by a remote authentic... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-48361

    Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Retrieve Embedded Sensitive Data. This issue affects Hesabfa Accounting: from n/a through 2.2.4.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 10.0

    CRITICAL
    CVE-2023-7309

    A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2025-48305

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon allows Stored XSS. This issue affects Goal Tracker for Patreon: from n/a through 0.4.6.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-9527

    A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ack_policy results in stack-based buffer overflow. The attack may be initiated remotely. The e... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-48309

    Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress allows Stored XSS. This issue affects BetPress: from n/a through 1.0.1 Lite.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-48358

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in everythingwp Risk Free Cash On Delivery (COD) – WooCommerce allows Stored XSS. This issue affects Risk Free Cash On Delivery (COD) – WooComme... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-48308

    Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module allows Stored XSS. This issue affects Newsletter subscription optin module: from n/a through 1.2.9.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.0

    MEDIUM
    CVE-2025-20262

    A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a cra... Read more

    Affected Products : nx-os
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-48304

    Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin allows Stored XSS. This issue affects Google XML News Sitemap plugin: from n/a through 0.02.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 3963 Results