Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-48705

    Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm....

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2024-29031

    Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive infor...

    Affected Products : meshery
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025
  • 4.3

    MEDIUM
    CVE-2024-32001

    SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects fo...

    Affected Products : spicedb
    • Published: Apr. 10, 2024
    • Modified: Sep. 02, 2025
  • 5.4

    MEDIUM
    CVE-2025-8554

    A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack m...

    Affected Products : pybbs
    • Published: Aug. 05, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2025-8555

    A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack re...

    Affected Products : pybbs
    • Published: Aug. 05, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-32430

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabil...

    Affected Products : xwiki
    • Published: Aug. 06, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2025-54124

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1...

    Affected Products : xwiki
    • Published: Aug. 06, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure
  • 8.7

    HIGH
    CVE-2025-54125

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, th...

    Affected Products : xwiki
    • Published: Aug. 06, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure
  • 5.4

    MEDIUM
    CVE-2025-8786

    A vulnerability, which was classified as problematic, was found in Portabilis i-Diario up to 1.5.0. Affected is an unknown function of the file /registros-de-conteudos-por-areas-de-conhecimento/ of the component Registro das atividades. The manipulation o...

    Affected Products : i-diario
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2025-8755

    A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId...

    Affected Products : mall
    • Published: Aug. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-8750

    A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as problematic. Affected by this vulnerability is the function Upload of the file /minio/upload of the component Add Product Page. The manipulation of the argument File leads to ...

    Affected Products : mall
    • Published: Aug. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-54417

    Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerabi...

    Affected Products : craft_cms
    • Published: Aug. 09, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2025-8742

    A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation leads to improper restriction of excessive authentication attempts. T...

    Affected Products : mall
    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2025-8741

    A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. ...

    Affected Products : mall
    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure
  • 5.4

    MEDIUM
    CVE-2025-8740

    A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It has been classified as problematic. Affected is an unknown function of the file /admin/categories/save of the component Category Handler. The manipulation of the argument categoryName leads t...

    Affected Products : my-blog my-blog
    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-8706

    A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /CommonSolution/CreateFunctionLog of the component Energy O...

    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2025-8739

    A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack ma...

    Affected Products : my-blog my-blog
    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 8.8

    HIGH
    CVE-2025-8705

    A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetConfig of the component Energy Overview Module. The manipul...

    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-8704

    A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEAS_AlarmResult/GetAlarmResultProcessList of the component Analys...

    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-8787

    A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The m...

    Affected Products : i-diario
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292118 Results