Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-61606

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=Funcio... Read more

    Affected Products : wegia
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-61605

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulnerabili... Read more

    Affected Products : wegia
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 4.6

    MEDIUM
    CVE-2025-54089

    CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there a... Read more

    Affected Products : secure_access
    • Published: Oct. 02, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-54088

    CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are requi... Read more

    Affected Products : secure_access
    • Published: Oct. 02, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-61604

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protect... Read more

    Affected Products : wegia
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-61603

    WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers t... Read more

    Affected Products : wegia
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-61595

    MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with ... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Denial of Service

  • 2.6

    LOW
    CVE-2025-54087

    CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is hig... Read more

    Affected Products : secure_access
    • Published: Oct. 02, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-54086

    CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no a... Read more

    Affected Products : secure_access
    • Published: Oct. 02, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-10653

    An unauthenticated debug port may allow access to the device file system.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-59835

    LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restri... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-54315

    The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-49090

    The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-32942

    SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.... Read more

    Affected Products : tectia_server
    • Published: Oct. 02, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-56019

    An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legiti... Read more

    • Published: Oct. 02, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-60663

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-60661

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-59409

    Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware.... Read more

    Affected Products : license_plate_reader_firmware
    • Published: Oct. 02, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-59407

    The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with its hardcoded... Read more

    Affected Products : flock_safety
    • Published: Oct. 02, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Cryptography

  • 6.2

    MEDIUM
    CVE-2025-59406

    The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binarie... Read more

    Affected Products : flock_safety
    • Published: Oct. 02, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authentication
Showing 20 of 4035 Results