Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-54591

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSS_Auth::hasAccess() function used by some of the tag/feed related endp... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-54592

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-54875

    FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page,... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-57769

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If em... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-59948

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow A... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-59950

    FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection (confirmation dialog), it is possible to trick the admin into clicking the Promote button in another user's management page a... Read more

    Affected Products : freshrss
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-61586

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist... Read more

    Affected Products : freshrss
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-59743

    SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cook... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-59744

    Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in “/lib/asp/DOCSAVEASASP.ASP”.... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-59742

    SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'USRMAIL' parame... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59741

    Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59740

    Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59739

    Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-57443

    FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environmen... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-59738

    Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59737

    Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59736

    Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-59735

    Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-59755

    Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-59754

    Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4068 Results