Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2011-10022

    SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2011-10028

    The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2011-10030

    Foxit PDF Reader <  4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or script... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-50640

    jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-6182

    The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-55746

    Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents (with... Read more

    Affected Products : directus
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-50902

    Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) thru 1.0.0 allows attackers to gain sensitive information via crafted HTTP Post message.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-9241

    A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.... Read more

    Affected Products : eladmin
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-9263

    A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to... Read more

    Affected Products : xxl-job
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-27216

    Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-53504

    Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.... Read more

    Affected Products : group_office
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-49222

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2, 10.10.x <= 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared chan... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.0

    MEDIUM
    CVE-2025-57753

    vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    HIGH
    CVE-2025-9303

    A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible... Read more

    Affected Products : a720r_firmware
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 5.2

    MEDIUM
    CVE-2025-55297

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1,... Read more

    Affected Products : esp-idf
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-9301

    A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exp... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-51818

    MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-47870

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-8592

    The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiro_install_plugin() function. This makes it possible for unauthentica... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-7390

    A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication
Showing 20 of 293329 Results