Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-50904

    There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-50901

    JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2025-46998

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    Affected Products : experience_manager_forms
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2025-46962

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    Affected Products : experience_manager_forms
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2025-46936

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    Affected Products : experience_manager_forms
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2025-46932

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    Affected Products : experience_manager_forms
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2025-46856

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the co... Read more

    Affected Products : experience_manager_forms
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2025-46852

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    Affected Products : experience_manager_forms
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2025-46849

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    Affected Products : experience_manager_forms
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 8.6

    HIGH
    CVE-2025-28041

    Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 4.9

    MEDIUM
    CVE-2025-20345

    A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sens... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-20269

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to retrieve arbitrary files from the underlying file sy... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 4.9

    MEDIUM
    CVE-2025-20131

    A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy fun... Read more

    Affected Products : identity_services_engine
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-50640

    jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 8.4

    HIGH
    CVE-2010-20010

    Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chai... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 5.1

    MEDIUM
    CVE-2025-9233

    A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The expl... Read more

    Affected Products : scada-lts
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 5.1

    MEDIUM
    CVE-2025-55751

    OnboardLite is the result of the Influx Initiative, our vision for an improved student organization lifecycle at the University of Central Florida. An attacker can craft a link to the trusted application that, when visited, redirects the user to a malicio... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 8.7

    HIGH
    CVE-2025-55732

    Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the... Read more

    Affected Products : frappe
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 8.8

    HIGH
    CVE-2025-55731

    Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability is fixed in 15.74.2 and 14.96.15.... Read more

    Affected Products : frappe
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-57157

    Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
Showing 20 of 290974 Results