Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-55706

    URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-54551

    Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. If exploited, a user of the product may escalate the privilege and access data that the user do not have permission ... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-53522

    Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-57791

    An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful e... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-57790

    An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-57789

    An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-57788

    An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-8289

    The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the delete_associated_files function. This makes it possible for unauthenti... Read more

    Affected Products : redirection_for_contact_form_7
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8145

    The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the get_lead_fields function. This makes it possible for unauthenticated at... Read more

    Affected Products : redirection_for_contact_form_7
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8141

    The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up to, and including, 3.2.4. This makes it possible for unaut... Read more

    Affected Products : redirection_for_contact_form_7
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2025-54364

    Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracki... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-54363

    Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastr... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-9132

    Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2024-12223

    Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-9193

    A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote lo... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-9176

    A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local ac... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-9175

    A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is public... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-9174

    A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed loca... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-9171

    A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is ... Read more

    Affected Products : solidinvoice
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-9170

    A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be execu... Read more

    Affected Products : solidinvoice
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292795 Results