Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-52277

    Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-10231

    An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions.... Read more

    Affected Products : n-central
    • Published: Sep. 10, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-10199

    A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-10198

    Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    HIGH
    CVE-2025-10170

    A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the argument loadBalanceNameOld leads to buffer overflow. The attack may be launched... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-7954

    A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.... Read more

    Affected Products : shopware
    • Published: Aug. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Race Condition

  • 8.8

    HIGH
    CVE-2025-9364

    An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.... Read more

    Affected Products : factorytalk_analytics_logixai
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-28041

    Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication.... Read more

    Affected Products : itranswarp
    • Published: Aug. 20, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-20006

    Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-20026

    Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2025-20032

    Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-20039

    Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Race Condition

  • 8.0

    HIGH
    CVE-2025-20046

    Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-20062

    Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2025-20618

    Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-59019

    Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-9680

    A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be ini... Read more

    Affected Products : o2oa
    • Published: Aug. 30, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-59018

    Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive i... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-9681

    A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. T... Read more

    Affected Products : o2oa
    • Published: Aug. 30, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-59017

    Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the correspondin... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authorization
Showing 20 of 293360 Results