Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-54129

    HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting... Read more

    Affected Products : haxcms-php haxcms-nodejs haxiam
    • Published: Jul. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-54137

    HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys... Read more

    Affected Products : haxcms-php haxcms-nodejs
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-54139

    HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other... Read more

    Affected Products : haxcms-php haxcms-nodejs haxcms-php
    • Published: Jul. 23, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2024-12812

    The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters to access the data of terminated employees.... Read more

    Affected Products : wp_erp
    • Published: May. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2017-9371

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended... Read more

    Affected Products : qnx_software_development_platform
    • EPSS Score: %0.24
    • Published: Nov. 14, 2017
    • Modified: Aug. 22, 2025

  • 9.6

    CRITICAL
    CVE-2017-3891

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and re... Read more

    Affected Products : qnx_software_development_platform
    • EPSS Score: %0.30
    • Published: Nov. 14, 2017
    • Modified: Aug. 22, 2025

  • 7.7

    HIGH
    CVE-2022-4967

    strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supp... Read more

    Affected Products : internet_key_exchange strongswan
    • Published: May. 14, 2024
    • Modified: Aug. 22, 2025

  • 7.5

    HIGH
    CVE-2025-54989

    Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. I... Read more

    Affected Products : firebird
    • Published: Aug. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-24975

    Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the... Read more

    Affected Products : firebird
    • Published: Aug. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2024-25575

    A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and r... Read more

    • Published: Apr. 30, 2024
    • Modified: Aug. 22, 2025

  • 8.8

    HIGH
    CVE-2024-25648

    A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption... Read more

    • Published: Apr. 30, 2024
    • Modified: Aug. 22, 2025

  • 8.8

    HIGH
    CVE-2024-25938

    A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption ... Read more

    • Published: Apr. 30, 2024
    • Modified: Aug. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-49606

    A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote ... Read more

    Affected Products : tinyproxy
    • Published: May. 01, 2024
    • Modified: Aug. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-47212

    A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products : fedora stb_vorbis stb_vorbis.c
    • Published: May. 01, 2024
    • Modified: Aug. 22, 2025

  • 6.1

    MEDIUM
    CVE-2025-53096

    Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious websit... Read more

    Affected Products : sunshine
    • Published: Jul. 01, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.6

    HIGH
    CVE-2025-53368

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user wi... Read more

    Affected Products : citizen
    • Published: Jul. 03, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-53370

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arb... Read more

    Affected Products : citizen
    • Published: Jul. 03, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-9074

    A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Iso... Read more

    Affected Products : desktop
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2024-39759

    Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP req... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2024-39760

    Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP req... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection
Showing 20 of 291541 Results