Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-21000

    On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime.... Read more

    • EPSS Score: %0.13
    • Published: May. 24, 2021
    • Modified: Aug. 15, 2025

  • 9.1

    CRITICAL
    CVE-2021-21001

    On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges.... Read more

    • EPSS Score: %0.24
    • Published: May. 24, 2021
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2021-30186

    CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.... Read more

    • EPSS Score: %0.45
    • Published: May. 25, 2021
    • Modified: Aug. 15, 2025

  • 6.5

    MEDIUM
    CVE-2025-45317

    A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive.... Read more

    Affected Products : hortusfox
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-50615

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_mac_filter_set in the payload, which can cause the... Read more

    Affected Products : wf2880_firmware wf2880
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-50616

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_advanced_set in the payload, which can cause the p... Read more

    Affected Products : wf2880_firmware wf2880
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-50617

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wps_set in the payload, which can cause the program t... Read more

    Affected Products : wf2880_firmware wf2880
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-45313

    A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter.... Read more

    Affected Products : hortusfox
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8926

    A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be laun... Read more

    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-47716

    IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656.... Read more

    • Published: Mar. 01, 2024
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2025-55197

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-refere... Read more

    Affected Products : pypdf
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2023-43043

    IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875.... Read more

    • Published: Mar. 13, 2024
    • Modified: Aug. 15, 2025

  • 4.3

    MEDIUM
    CVE-2024-1504

    The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function. This... Read more

    Affected Products : secupress
    • Published: Apr. 02, 2024
    • Modified: Aug. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-53989

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-53985

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.1... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 7.1

    HIGH
    CVE-2023-33322

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25. ... Read more

    Affected Products : front_end_users
    • Published: Mar. 26, 2024
    • Modified: Aug. 15, 2025

  • 7.6

    HIGH
    CVE-2025-4123

    A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vuln... Read more

    Affected Products : grafana
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-55005

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or r... Read more

    Affected Products : imagemagick
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-32989

    A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containin... Read more

    • Published: Jul. 10, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-32990

    A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer wr... Read more

    • Published: Jul. 10, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291830 Results