Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-42934

    SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by injecting line feed (LF) characters into application inputs.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 2.6

    LOW
    CVE-2024-41985

    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not expire the session ... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 8.5

    HIGH
    CVE-2025-30033

    The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 6.7

    MEDIUM
    CVE-2025-30027

    An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an att... Read more

    Affected Products : axis_os
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 7.5

    HIGH
    CVE-2025-40769

    A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthor... Read more

    Affected Products : sinec_traffic_analyzer
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 5.1

    MEDIUM
    CVE-2025-33023

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All ver... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 8.7

    HIGH
    CVE-2024-52504

    A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC ... Read more

    Affected Products : siprotec_4_7sj66_firmware
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 6.4

    MEDIUM
    CVE-2024-41986

    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 5.1

    MEDIUM
    CVE-2024-41983

    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statement in th... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 3.1

    LOW
    CVE-2024-41980

    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communica... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 7.8

    HIGH
    CVE-2025-41686

    A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 5.1

    MEDIUM
    CVE-2025-7622

    During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 6.4

    MEDIUM
    CVE-2025-8690

    The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with C... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 6.1

    MEDIUM
    CVE-2025-42975

    SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the vict... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 3.5

    LOW
    CVE-2025-42955

    Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performan... Read more

    Affected Products : cloud_connector
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 9.9

    CRITICAL
    CVE-2025-42950

    SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 4.5

    MEDIUM
    CVE-2025-42943

    SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, an... Read more

    Affected Products : gui_for_windows
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025

  • 6.9

    MEDIUM
    CVE-2025-54992

    OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from ... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-32640

    MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7... Read more

    Affected Products : masacms
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025

  • 3.7

    LOW
    CVE-2025-49221

    Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
Showing 20 of 291162 Results