Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2025-27105

    vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the ca...

    Affected Products : vyper
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-27104

    vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the...

    Affected Products : vyper
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-26622

    vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning round...

    Affected Products : vyper
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
  • 6.8

    MEDIUM
    CVE-2019-8900

    A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. This vulnerability allows arbitrary code to be executed on the device. Exploiting the vulner...

    Affected Products : securerom a10_fusion a10x_fusion a11_bionic a5 a5x a6 a6x a7 a8 +3 more products
    • Published: Feb. 21, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2025-25282

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list...

    Affected Products : ragflow
    • Published: Feb. 21, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-1555

    A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. ...

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Misconfiguration
  • 5.1

    MEDIUM
    CVE-2025-25772

    A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request....

    Affected Products : jspxcms
    • Published: Feb. 21, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.8

    MEDIUM
    CVE-2025-25770

    Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java....

    Affected Products : wangmarket
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 8.0

    HIGH
    CVE-2025-25769

    Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java....

    Affected Products : wangmarket
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2025-25768

    MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload....

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Injection
  • 4.8

    MEDIUM
    CVE-2025-25767

    A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request....

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-25605

    Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua....

    Affected Products : x5000r_firmware x5000r
    • Published: Feb. 21, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-25604

    Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua....

    Affected Products : x5000r_firmware x5000r
    • Published: Feb. 21, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Injection
  • 5.1

    MEDIUM
    CVE-2020-19248

    SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses ev...

    Affected Products : pbootcms
    • Published: Feb. 21, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
  • 3.8

    LOW
    CVE-2025-25878

    A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /del.php. The attack can use SQL injection to obtain sensitive data....

    Affected Products : simple_chatbox
    • Published: Feb. 21, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
  • 3.8

    LOW
    CVE-2025-25877

    A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data....

    Affected Products : simple_chatbox
    • Published: Feb. 21, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-25876

    A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /delete.php. The attack can use SQL injection to obtain sensitive data....

    Affected Products : simple_chatbox
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2025-25875

    A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /message.php. The attack can use SQL injection to obtain sensitive data....

    Affected Products : simple_chatbox
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection
  • 4.8

    MEDIUM
    CVE-2025-25766

    An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file....

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration
  • 4.0

    MEDIUM
    CVE-2025-25765

    MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do....

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291717 Results