Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-9311

    A vulnerability was identified in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fair/addfair.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the atta... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-25717

    Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.... Read more

    Affected Products : ruckus_wireless_admin smartzone_ap smartzone r310 r500 r600 t300 t301n t301s h320 +52 more products
    • Actively Exploited
    • EPSS Score: %94.23
    • Published: Feb. 13, 2023
    • Modified: Aug. 22, 2025

  • 6.1

    MEDIUM
    CVE-2023-49225

    A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As fo... Read more

    • EPSS Score: %0.32
    • Published: Dec. 07, 2023
    • Modified: Aug. 22, 2025

  • 6.8

    MEDIUM
    CVE-2024-45062

    A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger th... Read more

    Affected Products : ippusbxd_firmware ippusbxd
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-55734

    flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when ... Read more

    Affected Products : flaskblog
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-55735

    flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe ... Read more

    Affected Products : flaskblog
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-55736

    flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges (e.g. delete users, posts, comments etc.). The problem is in the routes/adminPanelUsers file.... Read more

    Affected Products : flaskblog
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-55731

    Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability is fixed in 15.74.2 and 14.96.15.... Read more

    Affected Products : frappe
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-55732

    Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the... Read more

    Affected Products : frappe
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-32451

    A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and... Read more

    Affected Products : pdf_reader
    • Published: Aug. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-47152

    An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially le... Read more

    Affected Products : pdf-xchange_editor
    • Published: Aug. 05, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-27931

    An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the... Read more

    Affected Products : pdf-xchange_editor
    • Published: Aug. 05, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2024-51447

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This c... Read more

    Affected Products : polarion_alm
    • Published: May. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-40566

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauth... Read more

    Affected Products : simatic_pcs_neo
    • Published: May. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-32917

    Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges.... Read more

    Affected Products : checkmk checkmk
    • Published: May. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-47783

    Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actio... Read more

    Affected Products : label_studio
    • Published: May. 14, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-2527

    Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request.... Read more

    Affected Products : mattermost_server
    • Published: May. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2022-1615

    In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.... Read more

    Affected Products : fedora samba
    • EPSS Score: %0.12
    • Published: Sep. 01, 2022
    • Modified: Aug. 22, 2025

  • 5.3

    MEDIUM
    CVE-2025-55626

    An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-1712

    Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files... Read more

    Affected Products : checkmk checkmk
    • Published: May. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication
Showing 20 of 291722 Results