Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.5

    HIGH
    CVE-2025-8393

    A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captu...

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-8284

    By default, the Packet Power Monitoring and Control Web Interface does not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions....

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-53520

    The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) or via a serial connection, and can install these files with...

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-50468

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query....

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-50467

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query....

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2025-50466

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query....

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-50465

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query....

    Affected Products : openmetadata
    • Published: Aug. 08, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Injection
  • 6.9

    MEDIUM
    CVE-2025-47872

    The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequenti...

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure
  • 9.2

    CRITICAL
    CVE-2025-46414

    The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API p...

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
  • 10.0

    HIGH
    CVE-2025-8731

    A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. T...

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-8356

    In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system....

    Affected Products : freeflow_core
    • Published: Aug. 08, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2025-8355

    In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF)....

    Affected Products : freeflow_core
    • Published: Aug. 08, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: XML External Entity
  • 7.5

    HIGH
    CVE-2025-52586

    The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or for...

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cryptography
  • 6.9

    MEDIUM
    CVE-2025-4576

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 202...

    Affected Products : liferay_portal dxp
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 10.0

    HIGH
    CVE-2025-8730

    A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be la...

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-36119

    IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exp...

    Affected Products : i i
    • Published: Aug. 08, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-36023

    IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key....

    Affected Products : cloud_pak_for_business_automation
    • Published: Aug. 08, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure
  • 8.8

    HIGH
    CVE-2020-9322

    The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PAT...

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-8729

    A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Affected by this vulnerability is the function process_cert_files of the file backend/service/upload_service.py. The manipulation of the argument task_id leads to path tr...

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-8749

    Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request....

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293304 Results