Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-29238

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read databas... Read more

    • Published: Mar. 28, 2024
    • Modified: Aug. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-29239

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read d... Read more

    • Published: Mar. 28, 2024
    • Modified: Aug. 04, 2025

  • 4.3

    MEDIUM
    CVE-2024-29240

    Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors.... Read more

    • Published: Mar. 28, 2024
    • Modified: Aug. 04, 2025

  • 5.9

    MEDIUM
    CVE-2024-53279

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read ... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 09, 2024
    • Modified: Aug. 04, 2025

  • 5.9

    MEDIUM
    CVE-2024-53280

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator priv... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 09, 2024
    • Modified: Aug. 04, 2025

  • 5.9

    MEDIUM
    CVE-2024-53281

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files contain... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 09, 2024
    • Modified: Aug. 04, 2025

  • 5.9

    MEDIUM
    CVE-2024-53282

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileg... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 09, 2024
    • Modified: Aug. 04, 2025

  • 5.9

    MEDIUM
    CVE-2024-53283

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges t... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 09, 2024
    • Modified: Aug. 04, 2025

  • 5.9

    MEDIUM
    CVE-2024-53284

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges ... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 09, 2024
    • Modified: Aug. 04, 2025

  • 5.9

    MEDIUM
    CVE-2024-53285

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read o... Read more

    Affected Products : router_manager router_manager
    • Published: Dec. 09, 2024
    • Modified: Aug. 04, 2025

  • 3.3

    LOW
    CVE-2011-4116

    _is_safe in the File::Temp module for Perl does not properly handle symlinks.... Read more

    Affected Products : file\
    • EPSS Score: %0.16
    • Published: Jan. 31, 2020
    • Modified: Aug. 04, 2025

  • 8.8

    HIGH
    CVE-2024-27756

    GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title.... Read more

    Affected Products : glpi
    • Published: Mar. 15, 2024
    • Modified: Aug. 04, 2025

  • 5.4

    MEDIUM
    CVE-2025-53357

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can a... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-53113

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use t... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-53112

    GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific ... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-53111

    GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-53008

    GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a ma... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-52897

    GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19.... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 5.0

    MEDIUM
    CVE-2025-52567

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploi... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-27514

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project... Read more

    Affected Products : glpi
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291385 Results