Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-9299

    A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer over... Read more

    Affected Products : m3_firmware m3
    • Published: Aug. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-9298

    A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The expl... Read more

    Affected Products : m3_firmware m3
    • Published: Aug. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-9297

    A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated rem... Read more

    Affected Products : i22_firmware i22
    • Published: Aug. 21, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-47184

    An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a craf... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: XML External Entity

  • 5.8

    MEDIUM
    CVE-2025-9296

    A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the ... Read more

    Affected Products : emlog
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-8064

    The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selector_height’ parameter in all versions up to, and including, 6.0.1 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8895

    The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the aff... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-8023

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path com... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 3.8

    LOW
    CVE-2025-53971

    Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API ... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-49810

    Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-49222

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2, 10.10.x <= 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared chan... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-47870

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-47700

    Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-36530

    Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal ... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-8607

    The SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block's attributes in all versions up to, and including, 1.6.0 due to insufficient input san... Read more

    Affected Products : slingblocks
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-8592

    The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiro_install_plugin() function. This makes it possible for unauthentica... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-7390

    A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-7221

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function in all versions up to, and including, 4.5.0. This ... Read more

    Affected Products : givewp
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-53505

    Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the product may be exposed.... Read more

    Affected Products : group_office
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-53504

    Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.... Read more

    Affected Products : group_office
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292803 Results