Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2025-58272

    Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-9378

    The Vayu Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attributes in the Lottie block in all versions up to, and including, 1.3.9 due to insufficient input sanitization and out... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-9219

    The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check... Read more

    Affected Products : post_smtp
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-9188

    There is a deserialization of untrusted data vulnerability in Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. The vulnerabilit... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-9817

    SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-9843

    A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack remotely. The exploit has been publ... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-57775

    There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to o... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-9822

    SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credential... Read more

    Affected Products : mautic
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-9828

    A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is charact... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-1740

    Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.This issue affects MyRezzta: from s2.03.01 before v2.05.01.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-58632

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common allows Stored XSS. This issue affects Dadevarzan WordPress Common: from n/a through 2.2.2.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-58604

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.5.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 4.4

    MEDIUM
    CVE-2025-58615

    Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro allows Server Side Request Forgery. This issue affects WP Bannerize Pro: from n/a through 1.10.0.... Read more

    Affected Products : wp_bannerize_pro
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-9935

    A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotel... Read more

    Affected Products : n600r_firmware
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-58614

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy allows Stored XSS. This issue affects Tooltipy: from n/a through 5.5.6.... Read more

    Affected Products : tooltipy
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-58639

    Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form By Mega Forms: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-9517

    The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for au... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-36193

    IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image.... Read more

    Affected Products : transformation_advisor
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-58616

    Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frisbii Pay: from n/a through 1.8.2.1.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-58358

    Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an a... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection
Showing 20 of 4368 Results