Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-54054

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List allows Stored XSS. This issue affects 12 Step Meeting List: from n/a through 3.18.3.... Read more

    Affected Products : 12_step_meeting_list
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 5.7

    MEDIUM
    CVE-2025-26709

    There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025

  • 5.3

    MEDIUM
    CVE-2025-8991

    A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemall_express_frei... Read more

    Affected Products : litemall
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025

  • 4.8

    MEDIUM
    CVE-2025-31987

    HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.5

    HIGH
    CVE-2025-7973

    A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spa... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 5.3

    MEDIUM
    CVE-2025-20219

    A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attack... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.6

    HIGH
    CVE-2025-20136

    A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauth... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 4.3

    MEDIUM
    CVE-2025-20302

    A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization ... Read more

    Affected Products : firepower_management_center
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.6

    HIGH
    CVE-2025-20263

    A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affe... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.6

    HIGH
    CVE-2025-20239

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, re... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 6.5

    MEDIUM
    CVE-2025-53249

    Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through 1.0.23.... Read more

    Affected Products : build_app_online
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 6.5

    MEDIUM
    CVE-2025-54746

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect allows Stored XSS. This issue affects Shortcode Redirect: from n/a through 1.0.02.... Read more

    Affected Products : shortcode-redirect
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 5.3

    MEDIUM
    CVE-2025-54730

    Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for Google Reviews: from n/a through 1.7.3.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 4.3

    MEDIUM
    CVE-2025-55710

    Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through 3.37.2.... Read more

    Affected Products : taxopress
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.7

    HIGH
    CVE-2025-9042

    A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.4

    HIGH
    CVE-2025-7972

    A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 3.7

    LOW
    CVE-2025-31961

    HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.... Read more

    Affected Products : connections
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025

  • 3.1

    LOW
    CVE-2025-9019

    A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity o... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025

  • 8.7

    HIGH
    CVE-2025-54475

    A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.... Read more

    Affected Products : js_jobs
    • Published: Aug. 15, 2025
    • Modified: Aug. 15, 2025

  • 4.3

    MEDIUM
    CVE-2025-54732

    Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through 6.0.2.... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
Showing 20 of 290954 Results