Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-57105

    The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the ... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025

  • 5.3

    MEDIUM
    CVE-2025-57770

    The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login in... Read more

    Affected Products : zitadel
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025

  • 8.8

    HIGH
    CVE-2025-57800

    Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to... Read more

    Affected Products : audiobookshelf
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025

  • 2.5

    LOW
    CVE-2025-55745

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attacker... Read more

    Affected Products : unopim
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025

  • 8.1

    HIGH
    CVE-2025-57771

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If ... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025

  • 5.1

    MEDIUM
    CVE-2025-43755

    A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 t through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.13, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 throug... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 6.9

    MEDIUM
    CVE-2025-43756

    <!--td {border: 1px solid #cccccc;}br {mso-data-placement:same-cell;}-->A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.15, 2025.Q2.0 through 2025.Q2.2 and 2024.Q1.13 through ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-55522

    Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 8.1

    HIGH
    CVE-2025-57755

    claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be expo... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 6.9

    MEDIUM
    CVE-2025-7969

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-... Read more

    Affected Products : markdown-it
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 8.8

    HIGH
    CVE-2025-52351

    Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This pr... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 8.3

    HIGH
    CVE-2025-7051

    On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.... Read more

    Affected Products : n-central
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 5.3

    MEDIUM
    CVE-2025-38742

    Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code executio... Read more

    Affected Products : emc_idrac_service_module
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 7.7

    HIGH
    CVE-2025-57751

    pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs(), re... Read more

    Affected Products : pyload
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 9.3

    CRITICAL
    CVE-2010-20121

    EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowin... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 6.3

    MEDIUM
    CVE-2025-24489

    An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 6.3

    MEDIUM
    CVE-2025-27714

    An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-3128

    A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 7.1

    HIGH
    CVE-2025-41415

    The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to access publication targets) to retrieve sensitive information that could then be used to gain additional access to downstream resources.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025

  • 9.1

    CRITICAL
    CVE-2025-53795

    Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : pc_manager
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
Showing 20 of 290974 Results