Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-61592

    Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (<project>/.cursor/cli.json) could override certain global configurations in Curso... Read more

    Affected Products : cursor
    • Published: Oct. 03, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-52653

    HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access.... Read more

    Affected Products : dryice_myxalytics
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-46817

    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in ... Read more

    Affected Products : redis
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-44007

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-44006

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-33040

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-33039

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-33034

    A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-56804

    An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the followin... Read more

    Affected Products : video_station
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-61591

    Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, an attacker can impersonate a malicious MCP server and return crafted, maliciously injected commands during ... Read more

    Affected Products : cursor
    • Published: Oct. 03, 2025
    • Modified: Oct. 17, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-61590

    Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings ... Read more

    Affected Products : cursor
    • Published: Oct. 03, 2025
    • Modified: Oct. 17, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-56551

    An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request.... Read more

    Affected Products : directadmin
    • Published: Oct. 03, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2021-42193

    nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the product in the shop, the XSS payload fires.... Read more

    Affected Products :
    • Published: Oct. 03, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-60787

    MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve... Read more

    Affected Products : motioneye
    • Published: Oct. 03, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-57423

    A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker co... Read more

    Affected Products :
    • Published: Oct. 03, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-55972

    A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoin... Read more

    Affected Products : 65c655_firmware 65c655
    • Published: Oct. 03, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Denial of Service

  • 4.7

    MEDIUM
    CVE-2025-55971

    TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The devic... Read more

    Affected Products : 65c655_firmware 65c655
    • Published: Oct. 03, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.1

    HIGH
    CVE-2025-34226

    OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malform... Read more

    Affected Products :
    • Published: Oct. 03, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2025-10729

    The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.... Read more

    Affected Products :
    • Published: Oct. 03, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2025-10728

    When the module renders a Svg file that contains a <pattern> element, it might end up rendering it recursively leading to stack overflow DoS... Read more

    Affected Products :
    • Published: Oct. 03, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Denial of Service
Showing 20 of 4034 Results