Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-9691

    A vulnerability has been found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. The attack can be launched remotely. The exploit has been d... Read more

    Affected Products : online_shopping_system
    • Published: Aug. 30, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9692

    A vulnerability was found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. The attack may be initiated remotely. The exploit has been mad... Read more

    Affected Products : online_shopping_system
    • Published: Aug. 30, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-49595

    n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to caus... Read more

    Affected Products : n8n
    • Published: Jul. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-9731

    A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack... Read more

    Affected Products : ac9_firmware ac9
    • Published: Aug. 31, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-9738

    A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_tipo_ensino_cad.php. Executing manipulation of the argument nm_tipo can lead to cross site scripting. The atta... Read more

    Affected Products : i-educar
    • Published: Aug. 31, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-49011

    SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evalua... Read more

    Affected Products : spicedb
    • Published: Jun. 06, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-9744

    A weakness has been identified in Campcodes Online Loan Management System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Executing manipulation of the argument Username can lead to sql injection. The attack can be lau... Read more

    Affected Products : online_loan_management_system
    • Published: Aug. 31, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-9745

    A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attac... Read more

    Affected Products : di-500wf_firmware di-500wf
    • Published: Aug. 31, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-9747

    A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The explo... Read more

    Affected Products : koillection
    • Published: Aug. 31, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-9748

    A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The at... Read more

    Affected Products : ch22_firmware ch22
    • Published: Aug. 31, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-9760

    A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/aluno of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch the attack rem... Read more

    Affected Products : i-educar
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-9768

    A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely.... Read more

    Affected Products : sports_management_system
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 6.2

    MEDIUM
    CVE-2025-9769

    A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on t... Read more

    Affected Products : di-7400g\+_firmware di-7400g\+
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 3.6

    LOW
    CVE-2024-50610

    GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.... Read more

    Affected Products : gnu_scientific_library
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025

  • 9.8

    CRITICAL
    CVE-2025-9770

    A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql inject... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-9779

    A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch th... Read more

    Affected Products : a702r_firmware a702r
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-9780

    A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. The attack can be initiated remotely. The exploit ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-9781

    A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploi... Read more

    Affected Products : a702r_firmware a702r
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-50614

    TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.... Read more

    Affected Products : tinyxml2
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025

  • 9.0

    HIGH
    CVE-2025-9782

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293280 Results