Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-59018

    Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive i... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 9.0

    CRITICAL
    CVE-2025-20363

    A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticat... Read more

    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-56803

    Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_pr... Read more

    Affected Products : desktop
    • Published: Sep. 03, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 5.0

    MEDIUM
    CVE-2025-48562

    In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-48561

    In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not neede... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-26210

    DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior.... Read more

    Affected Products : deepseek-r1 deepseek-v2 deepseek-v3
    • Published: Sep. 03, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-59270

    psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TL... Read more

    Affected Products : pspas
    • Published: Sep. 16, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-58462

    OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-59340

    jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Priori to 2.8.1, by using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper to deserialize a... Read more

    Affected Products : jinjava
    • Published: Sep. 17, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-10011

    A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is po... Read more

    Affected Products : i-educar
    • Published: Sep. 05, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-9826

    Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users.... Read more

    Affected Products : hubshare
    • Published: Sep. 15, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-23316

    NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in the model control APIs. A successful exploit of this vul... Read more

    • Published: Sep. 17, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-23328

    NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.... Read more

    • Published: Sep. 17, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-23329

    NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python backend. A successful exploit of this vulnerability migh... Read more

    • Published: Sep. 17, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-23336

    NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this vulnerability might lead to denial of service.... Read more

    • Published: Sep. 17, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-9079

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepacka... Read more

    Affected Products : mattermost_server
    • Published: Sep. 19, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-9081

    Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration... Read more

    Affected Products : mattermost_server
    • Published: Sep. 19, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2025-10773

    A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath of the file /goform/set_delshrpath_cfg of the component Web Management Interface. The manipulation of the argument Type results in stack... Read more

    Affected Products : bl-ac2100_firmware bl-ac2100
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-10779

    A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file /HNAP1/. The manipulation of the argument HNAP_AUTH/SOAPAction results in stack-based buffer overflow. The attack may be launched remot... Read more

    Affected Products : dcs-935l_firmware dcs-935l
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-10780

    A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument bar_code causes sql injection. Remote exploitation of the attack is possible. The exploit... Read more

    Affected Products : simple_pharmacy_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection
Showing 20 of 4491 Results