Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-9805

    A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack ... Read more

    Affected Products : sim
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.6

    HIGH
    CVE-2009-20008

    Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fi... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-9727

    A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The ... Read more

    Affected Products :
    • Published: Aug. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-52551

    E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system.... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-52548

    E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-52546

    E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2024-12973

    Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing.This issue affects OctoCloud: from s1.09.01 before v1.11.01.... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-47696

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Solwin Blog Designer PRO.This issue affects Blog Designer PRO: from n/a through 3.4.7.... Read more

    Affected Products :
    • Published: Aug. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2025-36133

    IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the contai... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2009-20009

    Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to pro... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2010-10016

    BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw o... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2025-0165

    IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delet... Read more

    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2009-20010

    Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by th... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-5083

    The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more

    Affected Products : amministrazione_trasparente
    • Published: Aug. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-7405

    Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, ... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-7731

    Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read ... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-6507

    A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue affects the latest master branch version 3.47.0.99999. The... Read more

    Affected Products : h2o
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-54857

    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. If exploited, a remote unauthenticated attacker may execute arbitrary OS commands with root privilege... Read more

    Affected Products : skybridge_basic_mb-a130_firmware
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-46810

    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.... Read more

    Affected Products : mirrorcache
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-44017

    "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4478 Results