Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-58613

    Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through 1.4.10.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-58633

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.21.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58607

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance allows Stored XSS. This issue affects Cookie Notice & Consent Banner for ... Read more

    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-58642

    Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through 2.1.11.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-58643

    Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through 2.2.7.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-9938

    A weakness has been identified in D-Link DI-8400 16.07.26A1. The affected element is the function yyxz_dlink_asp of the file /yyxz.asp. This manipulation of the argument ID causes stack-based buffer overflow. It is possible to initiate the attack remotely... Read more

    Affected Products : di-8400_firmware
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2024-34598

    Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2024-13071

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS).This issue affects e-Mutabakat: from 2.02.05 before v2.02.06.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-9934

    A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is poss... Read more

    Affected Products : x5000r_firmware
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2025-58630

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer Simple Matomo Tracking Code allows Stored XSS. This issue affects Simple Matomo Tracking Code: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-58622

    Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-58634

    Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-58611

    Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera allows Cross Site Request Forgery. This issue affects Tickera: from n/a through 3.5.5.6.... Read more

    Affected Products : tickera
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.7

    HIGH
    CVE-2025-58355

    Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0.... Read more

    Affected Products : soft_serve
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Information Disclosure

  • 9.6

    CRITICAL
    CVE-2025-58357

    5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prom... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2025-6785

    Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle.  Testing completed on Tesla Model 3 vehicles with softw... Read more

    Affected Products : model_3_firmware
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-25048

    IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted dire... Read more

    Affected Products : jazz_foundation
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-58594

    Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.... Read more

    Affected Products : brizy
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-58602

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through ... Read more

    Affected Products : dynamic_content_personalization
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-2411

    Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass.This issue affects TaskPano: from s1.06.04 before v1.06.06.... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication
Showing 20 of 4368 Results