Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-10757

    A weakness has been identified in UTT 1200GW up to 3.0.0-170831. The affected element is an unknown function of the file /goform/formConfigDnsFilterGlobal. This manipulation of the argument GroupName causes buffer overflow. The attack can be initiated rem... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.5

    MEDIUM
    CVE-2025-10767

    A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASS... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 3.1

    LOW
    CVE-2025-10778

    A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-10763

    A vulnerability was determined in academico-sis academico up to d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab. Affected by this issue is some unknown functionality of the file /edit-photo of the component Profile Picture Handler. This manipulation causes unres... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-10761

    A vulnerability has been found in Harness 3.3.0. Affected is an unknown function of the file /api/v1/login of the component Login Endpoint. The manipulation leads to improper restriction of excessive authentication attempts. Remote exploitation of the att... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-10762

    A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-10756

    A security flaw has been discovered in UTT HiPER 840G up to 3.1.1-190328. Impacted is an unknown function of the file /goform/getOneApConfTempEntry. The manipulation of the argument tempName results in buffer overflow. It is possible to launch the attack ... Read more

    Affected Products :
    • Published: Sep. 20, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-10772

    A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robot_devices/robots/lekiwi_remote.py of the component ZeroMQ Socket Handler. The manipulation leads t... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-10759

    A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The expl... Read more

    Affected Products : qloapps
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-53692

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS).This issue affects Sitecore Experie... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-10777

    A flaw has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path traversal. The attack can be launched remotely. Upgrading to ve... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-10755

    A vulnerability was detected in Selleo Mentingo 2025.08.27. The impacted element is an unknown function of the component Content-Type Handler. The manipulation of the argument userAvatar results in unrestricted upload. The attack may be performed from rem... Read more

    Affected Products :
    • Published: Sep. 20, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-10776

    A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be initiated remotely... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-57961

    Missing Authorization vulnerability in Codexpert, Inc CoDesigner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoDesigner: from n/a through 4.25.2.... Read more

    Affected Products : codesigner
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-57957

    Missing Authorization vulnerability in wpcraft WooMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooMS: from n/a through 9.12.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-57956

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS allows Stored XSS. This issue affects WooMS: from n/a through 9.12.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-57955

    Missing Authorization vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Carousel Slider for Elementor: from n/a through 1.7.0.... Read more

    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-57954

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Poll Maker allows DOM-Based XSS. This issue affects Poll Maker: from n/a through 6.0.1.... Read more

    Affected Products : poll_maker
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-57953

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 100plugins Open User Map allows DOM-Based XSS. This issue affects Open User Map: from n/a through 1.4.14.... Read more

    Affected Products : open_user_map
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-9038

    Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization
Showing 20 of 3876 Results