Latest CVE Feed
- 7.5 HIGH CVE-2025-36326
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies....
- Published: Sep. 26, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Cryptography
- 5.9 MEDIUM CVE-2025-36064
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials....
- Affected Products: sterling_connect\
- Published: Sep. 22, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Authentication
- 8.8 HIGH CVE-2025-36202
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source....
- Published: Sep. 22, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection
- 5.4 MEDIUM CVE-2025-36037
IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attac...
- Published: Sep. 22, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Server-Side Request Forgery
- 6.1 MEDIUM CVE-2025-26258
Sourcecodester Employee Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via 'Add Designation.'...
- Affected Products: employee_management_system
- Published: Sep. 26, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Cross-Site Scripting
- 7.5 HIGH CVE-2025-61733
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue....
- Affected Products: kylin
- Published: Oct. 02, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Authentication
- 7.5 HIGH CVE-2025-61734
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended t...
- Affected Products: kylin
- Published: Oct. 02, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Path Traversal
- 7.3 HIGH CVE-2025-61735
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to versi...
- Affected Products: kylin
- Published: Oct. 02, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Server-Side Request Forgery
- 6.5 MEDIUM CVE-2025-56769
An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class....
- Affected Products: hutool
- Published: Sep. 25, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection
- 6.5 MEDIUM CVE-2025-29155
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint...
- Affected Products: swagger_petstore
- Published: Sep. 25, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection
- 8.8 HIGH CVE-2025-11049
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. T...
- Affected Products: i-educar
- Published: Sep. 27, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Authorization
- 7.5 HIGH CVE-2025-10954
Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime ...
- Affected Products: phonenumbers
- Published: Sep. 27, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Denial of Service
- 8.8 HIGH CVE-2025-11050
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been published and may b...
- Affected Products: i-educar
- Published: Sep. 27, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Authorization
- 9.8 CRITICAL CVE-2025-11053
A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has bee...
- Affected Products: small_crm
- Published: Sep. 27, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection
- 7.5 HIGH CVE-2025-8014
Denial of Service issue in GraphQL endpoints in GitLab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource e...
- Affected Products: gitlab
- Published: Sep. 27, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Denial of Service
- 9.8 CRITICAL CVE-2025-11139
A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of...
- Affected Products: zhiyou_erp
- Published: Sep. 29, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Path Traversal
- 9.8 CRITICAL CVE-2025-11140
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity ...
- Affected Products: zhiyou_erp
- Published: Sep. 29, 2025
- Modified: Oct. 03, 2025
- Vuln Type: XML External Entity
- 7.5 HIGH CVE-2025-55552
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together....
- Affected Products: pytorch
- Published: Sep. 25, 2025
- Modified: Oct. 03, 2025
- 7.5 HIGH CVE-2025-55553
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS)....
- Affected Products: pytorch
- Published: Sep. 25, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Denial of Service
- 5.3 MEDIUM CVE-2025-55554
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long()....
- Affected Products: pytorch
- Published: Sep. 25, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Memory Corruption