Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-59035

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions.... Read more

    Affected Products : indico
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-57392

    BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILE_ALL_ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege es... Read more

    Affected Products : benimpos
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-54123

    Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at `/api/v2/hoverfly/middleware` endpoint due to insufficient validation and sanitizati... Read more

    Affected Products : hoverfly
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 6.2

    MEDIUM
    CVE-2025-9714

    Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr`... Read more

    Affected Products : libxml2
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-45669

    IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote user to cause a denial of service due to improper handling of special characters that could lead to uncontrolled resource consumption.... Read more

    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-45671

    IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cryptography

  • 5.6

    MEDIUM
    CVE-2025-57569

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT.... Read more

    Affected Products : f3_firmware f3
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2025-57570

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.... Read more

    Affected Products : f3_firmware f3
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-57571

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT.... Read more

    Affected Products : f3_firmware f3
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-57572

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.... Read more

    Affected Products : f3_firmware f3
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-57573

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi.... Read more

    Affected Products : f3_firmware f3
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-58447

    rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sendin... Read more

    Affected Products : rathena
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-58448

    rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue.... Read more

    Affected Products : rathena
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-58750

    rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0cc348b are missing a bound check in `chclif_parse_moveCharSlot` that can result in reading and writing out of bounds using i... Read more

    Affected Products : rathena
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-59139

    Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the `bodyLimit` middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present.... Read more

    Affected Products : hono
    • Published: Sep. 12, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-58362

    Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs (e.g. Nginx locatio... Read more

    Affected Products : hono
    • Published: Sep. 05, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-56404

    An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation.... Read more

    Affected Products : model_context_protocol
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-56405

    An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol.... Read more

    Affected Products : mcp_server
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-56413

    OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint.... Read more

    Affected Products : 1panel
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-43884

    Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially expl... Read more

    Affected Products : powerprotect_data_manager
    • Published: Sep. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection
Showing 20 of 4290 Results