Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-43284

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to cause unexpected system termination.... Read more

    Affected Products : macos
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2024-13987

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-o... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-49405

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4.... Read more

    Affected Products : houzez
    • Published: Aug. 28, 2025
    • Modified: Aug. 30, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-47909

    Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit ... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.7

    HIGH
    CVE-2025-58323

    NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-54742

    Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8.... Read more

    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 2.5

    LOW
    CVE-2025-9589

    A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack needs to be launched locally. A high complexity level is... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-6203

    A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resu... Read more

    Affected Products : vault
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Denial of Service

  • 4.4

    MEDIUM
    CVE-2025-9195

    Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local access to cause a Denial of Service... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-8858

    Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8857

    Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-54716

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-49407

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1.... Read more

    Affected Products : houzez
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49402

    Missing Authorization vulnerability in favethemes Houzez CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez CRM: from n/a through 1.4.7.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-58048

    Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction f... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-5808

    Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from before 4.8 patch 3.... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-31971

    AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability.  The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or ... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.8

    HIGH
    CVE-2025-9578

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-58058

    xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memor... Read more

    Affected Products : xz
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2024-13342

    The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attac... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication
Showing 20 of 4412 Results