Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.1

    MEDIUM
    CVE-2025-45582

    GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an ... Read more

    Affected Products : tar
    • Published: Jul. 11, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-8671

    A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening... Read more

    Affected Products : h2o
    • Published: Aug. 13, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-45770

    jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and othe... Read more

    Affected Products : jwt
    • Published: Jul. 31, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Cryptography

  • 7.3

    HIGH
    CVE-2025-45769

    php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and... Read more

    Affected Products : firebase_php-jwt
    • Published: Jul. 31, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Cryptography

  • 7.0

    HIGH
    CVE-2025-45766

    poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14... Read more

    Affected Products : poco
    • Published: Aug. 06, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Cryptography

  • 10.0

    CRITICAL
    CVE-2023-43029

    IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment.... Read more

    • Published: Mar. 21, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    CRITICAL
    CVE-2025-23266

    NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalati... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Aug. 16, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-8885

    Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcprov, bc-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://git... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 12, 2025
    • Modified: Aug. 16, 2025
    • Vuln Type: Denial of Service

  • 10.0

    CRITICAL
    CVE-2025-20265

    A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.  This vulnerabilit... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8936

    A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may ... Read more

    Affected Products : sales_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8935

    A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The attack can be lau... Read more

    Affected Products : sales_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-8934

    A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. T... Read more

    Affected Products : sales_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-8933

    A vulnerability was identified in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The attack may be in... Read more

    Affected Products : sales_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-8920

    A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-8919

    A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8286

    The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2023-50234

    Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to expl... Read more

    Affected Products : office_word office_cell office_cell
    • Published: May. 03, 2024
    • Modified: Aug. 15, 2025

  • 7.8

    HIGH
    CVE-2025-52327

    SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file... Read more

    • Published: Aug. 01, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-4267

    A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'open_file' ... Read more

    • Published: May. 22, 2024
    • Modified: Aug. 15, 2025

  • 7.1

    HIGH
    CVE-2024-43238

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5.... Read more

    Affected Products : wemail wemail
    • Published: Aug. 18, 2024
    • Modified: Aug. 15, 2025
Showing 20 of 291722 Results