Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-8734

    A vulnerability has been found in GNU Bison up to 3.8.2. This impacts the function code_free of the file src/scan-code.c. The manipulation leads to double free. An attack has to be approached locally. The exploit has been disclosed to the public and may b... Read more

    Affected Products : bison
    • Published: Aug. 08, 2025
    • Modified: Aug. 19, 2025

  • 4.8

    MEDIUM
    CVE-2025-8733

    A flaw has been found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been published and may b... Read more

    Affected Products : bison
    • Published: Aug. 08, 2025
    • Modified: Aug. 19, 2025

  • 9.8

    CRITICAL
    CVE-2025-5095

    Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing ... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 8.8

    HIGH
    CVE-2025-52914

    A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit cou... Read more

    Affected Products : micollab
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.8

    CRITICAL
    CVE-2025-52913

    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 4.8

    MEDIUM
    CVE-2025-50928

    Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function.... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 6.3

    MEDIUM
    CVE-2025-50927

    A reflected cross-site scripting (XSS) vulnerability in the List All FTP User Function in EHCP v20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via injecting a crafted payload into the ftpusername parameter.... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 4.8

    MEDIUM
    CVE-2025-8732

    A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requi... Read more

    Affected Products : libxml2
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 8.5

    HIGH
    CVE-2025-8393

    A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captu... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.8

    CRITICAL
    CVE-2025-8284

    By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions.... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 8.8

    HIGH
    CVE-2025-53520

    The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) or via a serial connection, and can install these files with... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 6.5

    MEDIUM
    CVE-2025-50468

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query.... Read more

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025

  • 6.5

    MEDIUM
    CVE-2025-50467

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.... Read more

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025

  • 7.1

    HIGH
    CVE-2025-50466

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.... Read more

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025

  • 8.8

    HIGH
    CVE-2025-50465

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.... Read more

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025

  • 6.9

    MEDIUM
    CVE-2025-47872

    The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequenti... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 9.2

    CRITICAL
    CVE-2025-46414

    The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API p... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025

  • 10.0

    HIGH
    CVE-2025-8731

    A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. T... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 13, 2025

  • 9.8

    CRITICAL
    CVE-2025-8356

    In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.... Read more

    Affected Products : freeflow_core
    • Published: Aug. 08, 2025
    • Modified: Aug. 18, 2025

  • 7.5

    HIGH
    CVE-2025-8355

    In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).... Read more

    Affected Products : freeflow_core
    • Published: Aug. 08, 2025
    • Modified: Aug. 14, 2025
Showing 20 of 290954 Results