Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-53418

    Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability.... Read more

    Affected Products : commgr
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-1501

    An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limi... Read more

    Affected Products : cmc
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-57814

    request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are cor... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-57704

    Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability.... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity

  • 4.8

    MEDIUM
    CVE-2025-9190

    The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent, and Control) permissions. Acquired resource acces... Read more

    Affected Products : cursor
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-57804

    h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers down... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-8597

    MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inje... Read more

    Affected Products : macvim
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-53813

    The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions.  Acquired resource access ... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-53811

    The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions.  Acquired resource a... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-9172

    The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-7821

    The WC Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pluswc_logo_favicon_logo_base' AJAX action in all versions up to, and including, 1.2.0. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-43768

    Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions t... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-43767

    Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 update 86 through upda... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-9416

    A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. The attack may be performed from... Read more

    Affected Products : samarium
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-9386

    A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The ... Read more

    Affected Products : tcpreplay
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-9399

    A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The expl... Read more

    Affected Products : yifang
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-9409

    A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversa... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-9410

    A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-36157

    IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.... Read more

    Affected Products : jazz_foundation
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 8.0

    HIGH
    CVE-2025-36174

    IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.... Read more

    Affected Products : integrated_analytics_system
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication
Showing 20 of 3918 Results