Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-40740

    A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attac... Read more

    Affected Products : solid_edge
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025

  • 7.8

    HIGH
    CVE-2025-40739

    A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attac... Read more

    Affected Products : solid_edge
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025

  • 8.8

    HIGH
    CVE-2025-57790

    An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 5.4

    MEDIUM
    CVE-2025-57789

    An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-28447

    Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi.... Read more

    • Published: Mar. 19, 2024
    • Modified: Aug. 21, 2025

  • 6.1

    MEDIUM
    CVE-2025-57703

    DIAEnergie - Reflected Cross-site Scripting... Read more

    Affected Products : diaenergie
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 6.1

    MEDIUM
    CVE-2025-57702

    DIAEnergie - Reflected Cross-site Scripting... Read more

    Affected Products : diaenergie
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 6.1

    MEDIUM
    CVE-2025-57701

    DIAEnergie - Reflected Cross-site Scripting... Read more

    Affected Products : diaenergie
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 7.0

    HIGH
    CVE-2025-57700

    DIAEnergie - Stored Cross-site Scripting... Read more

    Affected Products : diaenergie
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 6.9

    MEDIUM
    CVE-2025-57788

    An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 7.3

    HIGH
    CVE-2025-55503

    Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 7.5

    HIGH
    CVE-2025-55483

    Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 4.9

    MEDIUM
    CVE-2025-51488

    A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin.... Read more

    Affected Products : moonshine moonshine
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025

  • 4.5

    MEDIUM
    CVE-2025-51487

    A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a... Read more

    Affected Products : moonshine moonshine
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025

  • 5.4

    MEDIUM
    CVE-2025-51489

    A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened.... Read more

    Affected Products : moonshine moonshine
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-8973

    A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The expl... Read more

    Affected Products : cashier_queuing_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-8990

    A vulnerability was determined in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /browsemdcn.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The explo... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-9011

    A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection. The attack may be laun... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-9012

    A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the argument billingpincode leads to sql injection. It is possible to initiate ... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025

  • 10.0

    CRITICAL
    CVE-2025-53187

    Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01.... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 21, 2025
Showing 20 of 290955 Results