Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-8933

    A vulnerability was identified in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The attack may be in... Read more

    Affected Products : sales_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-8932

    A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated re... Read more

    Affected Products : sales_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2025-8931

    A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack r... Read more

    Affected Products : medical_store_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 8.8

    HIGH
    CVE-2025-8930

    A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The manipulation of the argument companyNameTxt leads to sql in... Read more

    Affected Products : medical_store_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 6.5

    MEDIUM
    CVE-2025-55199

    Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolv... Read more

    Affected Products : helm
    • Published: Aug. 14, 2025
    • Modified: Aug. 21, 2025

  • 6.5

    MEDIUM
    CVE-2025-55198

    Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuri... Read more

    Affected Products : helm
    • Published: Aug. 14, 2025
    • Modified: Aug. 21, 2025

  • 7.5

    HIGH
    CVE-2025-55197

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-refere... Read more

    Affected Products : pypdf
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025

  • 7.1

    HIGH
    CVE-2025-55196

    External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List() calls for Kubernetes Secret and SecretStore resources performed by... Read more

    Affected Products : external_secrets_operator
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 5.7

    MEDIUM
    CVE-2025-55194

    Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server ... Read more

    Affected Products : part-db
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 2.7

    LOW
    CVE-2025-55193

    Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI seque... Read more

    Affected Products : rails
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 8.8

    HIGH
    CVE-2025-8929

    A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotel... Read more

    Affected Products : medical_store_management_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 8.8

    HIGH
    CVE-2025-8928

    A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injecti... Read more

    Affected Products : medical_store_management_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 9.2

    CRITICAL
    CVE-2025-34154

    UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insuffic... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 9.3

    CRITICAL
    CVE-2012-10060

    Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bou... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 9.4

    CRITICAL
    CVE-2012-10059

    Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitr... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 10.0

    CRITICAL
    CVE-2012-10058

    RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code executi... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 8.4

    HIGH
    CVE-2012-10057

    Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specia... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 8.7

    HIGH
    CVE-2012-10056

    PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. B... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 9.3

    CRITICAL
    CVE-2012-10055

    ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memor... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025

  • 9.3

    CRITICAL
    CVE-2012-10054

    Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path... Read more

    Affected Products : umbraco_cms
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
Showing 20 of 290974 Results