Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-50892

    The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-49461

    Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-49460

    Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-49458

    Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-36757

    It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system.... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-10209

    A security flaw has been discovered in Papermerge DMS up to 3.5.3. This issue affects some unknown processing of the component Authorization Token Handler. Performing manipulation results in improper authorization. The attack can be initiated remotely. Th... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-10234

    A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scr... Read more

    Affected Products : scada-lts
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-10171

    A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub_453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer overflow. Remote exploitation of the attack is possible. T... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2025-10214

    DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\<user>\AppData\Local\UPDF\FREngine\... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-49459

    Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-10229

    A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect. The attack can be executed remotely. The exploit has b... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-58134

    Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 2.6

    LOW
    CVE-2025-10216

    A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The ... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-8681

    Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component.  Requires a high privileged user with a developer role.... Read more

    Affected Products : infinity
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-10099

    A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_usuario_cad.php of the component Editar usuário Page. This manipulation of the argument email/data_in... Read more

    Affected Products : i-educar
    • Published: Sep. 08, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-8311

    dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-58276

    Permission verification vulnerability in the home screen module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 05, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-58280

    Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Sep. 05, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2025-58281

    Out-of-bounds read vulnerability in the runtime interpreter module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Sep. 05, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-58296

    Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect function stability.... Read more

    Affected Products : harmonyos
    • Published: Sep. 05, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Race Condition
Showing 20 of 4204 Results