Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-11095

    A vulnerability was detected in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/delete_offline_device. Performing manipulation of the argument delvalue results in command injection. Remote exploitation of the attack is ... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11096

    A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exp... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11097

    A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit ... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11098

    A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The e... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11099

    A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remot... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11100

    A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly availa... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11113

    A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is no... Read more

    Affected Products : online_leave_application
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11109

    A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to init... Read more

    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11110

    A security flaw has been discovered in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/school_year.php. The manipulation of the argument school_year results in sql injection. It is possible t... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11111

    A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remot... Read more

    Affected Products : advanced_online_voting_system
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11114

    A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence[] can lead to sql injection. The attack may be... Read more

    Affected Products : online_leave_application
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-54831

    Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. I... Read more

    Affected Products : airflow
    • Published: Sep. 26, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-57428

    Default credentials in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to gain access to the debug shell exposed via Telnet on Port 23 and execute hardware-level flash and register manipulation commands.... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-56383

    Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that ... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-57197

    In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN ve... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-35027

    Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, t... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-43400

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a malic... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Sep. 29, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2024-5200

    The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-8440

    The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authen... Read more

    Affected Products : team_members
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-41251

    VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. ... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authentication
Showing 20 of 3828 Results