Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.6

    CRITICAL
    CVE-2024-45538

    Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via... Read more

    • Published: Dec. 04, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2024-45539

    Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unsp... Read more

    • Published: Dec. 04, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-5401

    Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote ... Read more

    • Published: Dec. 04, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-29843

    A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 04, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-29844

    A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 04, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-29845

    A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 04, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2025-29846

    A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 04, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2025-14008

    A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side r... Read more

    Affected Products : xunruicms
    • Published: Dec. 04, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-63681

    open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.... Read more

    Affected Products : open_webui
    • Published: Dec. 04, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-21080

    Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-21072

    Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-58044

    JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an ... Read more

    Affected Products : jumpserver
    • Published: Dec. 01, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Misconfiguration

  • 5.6

    MEDIUM
    CVE-2025-58475

    Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-58476

    Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-58477

    Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-58478

    Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-58479

    Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-58480

    Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-65105

    Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor:<profile> and --security=selinux:<label> whic... Read more

    Affected Products : apptainer
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-65215

    Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /product_expiry/add-supplier.php via the Supplier Name field.... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 5366 Results