Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-55586

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 6.5

    MEDIUM
    CVE-2025-55585

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 5.3

    MEDIUM
    CVE-2025-55584

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 5.8

    MEDIUM
    CVE-2025-55213

    OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to impr... Read more

    Affected Products : openfga
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2025-53192

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue​, the OGNL engine parses and evaluate... Read more

    Affected Products : commons_ognl
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 7.0

    HIGH
    CVE-2025-4371

    A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 8.5

    HIGH
    CVE-2025-32992

    Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control.... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 6.9

    MEDIUM
    CVE-2025-43731

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 202... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 9.3

    CRITICAL
    CVE-2025-7693

    A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing. The controller enters a solid red Fault LED state and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS ... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 8.6

    HIGH
    CVE-2025-55300

    Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijackin... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 9.4

    CRITICAL
    CVE-2025-55299

    VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with ... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 5.5

    MEDIUM
    CVE-2025-55296

    librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaS... Read more

    Affected Products : librenms
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 9.4

    CRITICAL
    CVE-2025-55293

    Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if (p.public_key.size > 0) {', clearing the existing ... Read more

    Affected Products : meshtastic_firmware
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 7.1

    HIGH
    CVE-2025-55291

    Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the </title> tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) ... Read more

    Affected Products : shaarli
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 5.5

    MEDIUM
    CVE-2025-55288

    Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, lea... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 8.0

    HIGH
    CVE-2025-55287

    Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leadin... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 9.1

    CRITICAL
    CVE-2025-55283

    aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems ... Read more

    Affected Products : aiven-db-migrate
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 9.1

    CRITICAL
    CVE-2025-55282

    aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a ... Read more

    Affected Products : aiven-db-migrate
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025

  • 6.9

    MEDIUM
    CVE-2025-55214

    Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require p... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025

  • 9.0

    CRITICAL
    CVE-2025-55205

    Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsu... Read more

    Affected Products : capsule
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
Showing 20 of 290954 Results