Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2025-10015

    The Sparkle framework includes an XPC service, Downloader.xpc; by default this service is private to the application it's bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the applicatio...

    • Published: Sep. 16, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authorization
  • 2.1

    LOW
    CVE-2025-43798

    Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOT...

    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication
  • 6.9

    MEDIUM
    CVE-2025-6999

    An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack. This issue affects Firew...

    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.6

    MEDIUM
    CVE-2025-59056

    FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the m...

    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Denial of Service
  • 8.1

    HIGH
    CVE-2025-9566

    There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful atta...

    • Published: Sep. 05, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Path Traversal
  • 6.1

    MEDIUM
    CVE-2023-3652

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11....

    Affected Products : digital_ant
    • Published: Aug. 08, 2023
    • Modified: Sep. 16, 2025
  • 9.8

    CRITICAL
    CVE-2023-3651

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 11....

    Affected Products : digital_ant
    • Published: Aug. 08, 2023
    • Modified: Sep. 16, 2025
  • 9.8

    CRITICAL
    CVE-2024-10443

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote ...

    • Published: Nov. 15, 2024
    • Modified: Sep. 16, 2025
  • 7.8

    HIGH
    CVE-2025-43277

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.8. Processing a maliciously crafted audio file may lead to memory corruption....

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jul. 30, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption
  • 9.1

    CRITICAL
    CVE-2025-43273

    A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8. A sandboxed process may be able to circumvent sandbox restrictions....

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2024-7129

    The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which, if further exploited, can result in remote code execution by high-privilege users such as admins...

    Affected Products : simply_schedule_appointments
    • Published: Sep. 13, 2024
    • Modified: Sep. 15, 2025
  • 5.3

    MEDIUM
    CVE-2024-48075

    A heap buffer overflow in the server-side handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message....

    • Published: Nov. 12, 2024
    • Modified: Sep. 15, 2025
  • 7.8

    HIGH
    CVE-2024-44092

    There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation....

    Affected Products : android
    • Published: Sep. 13, 2024
    • Modified: Sep. 15, 2025
  • 5.4

    MEDIUM
    CVE-2023-35006

    IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site....

    Affected Products : cpe security_qradar_edr
    • Published: Jul. 10, 2024
    • Modified: Sep. 15, 2025
  • 6.5

    MEDIUM
    CVE-2022-43020

    OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function....

    Affected Products : opencats
    • Published: Oct. 19, 2022
    • Modified: Sep. 15, 2025
  • 9.8

    CRITICAL
    CVE-2022-43019

    OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality....

    Affected Products : opencats
    • Published: Oct. 19, 2022
    • Modified: Sep. 15, 2025
  • 7.8

    HIGH
    CVE-2025-9174

    A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed loca...

    Affected Products : shc
    • Published: Aug. 19, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-33120

    IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges....

    • Published: Aug. 22, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-36042

    IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

    • Published: Aug. 22, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-55573

    QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS)....

    Affected Products : new_api
    • Published: Aug. 22, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Cross-Site Scripting