Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2025-55618

    In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.... Read more

    Affected Products : navigation
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-34520

    An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic fl... Read more

    Affected Products : udp
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-34521

    A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges t... Read more

    Affected Products : udp
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-34522

    A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking all... Read more

    Affected Products : udp
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-34523

    A heap-based buffer overflow vulnerability exists in the exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processin... Read more

    Affected Products : udp
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-9610

    A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried... Read more

    Affected Products : online_event_judging_system
    • Published: Aug. 29, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2024-46916

    Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fsta... Read more

    Affected Products : vynamic_security_suite
    • Published: Aug. 29, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2024-46917

    Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition,... Read more

    Affected Products : vynamic_security_suite
    • Published: Aug. 29, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-55579

    SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.... Read more

    Affected Products : solidinvoice
    • Published: Aug. 29, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-55580

    SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed... Read more

    Affected Products : solidinvoice
    • Published: Aug. 29, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-55763

    Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt h... Read more

    Affected Products : civetweb
    • Published: Aug. 29, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44033

    SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java... Read more

    Affected Products : oa_system oasys
    • Published: Aug. 29, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-9665

    A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel. This manipulation of the argument ID causes sql injection. Th... Read more

    Affected Products : simple_grading_system
    • Published: Aug. 29, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2023-41471

    Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function.... Read more

    Affected Products : copyparty
    • Published: Aug. 29, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-9375

    XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1.... Read more

    Affected Products : xmltodict
    • Published: Sep. 01, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-58780

    index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."... Read more

    Affected Products : sl1
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10083

    A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed... Read more

    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-10085

    A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is possible to launch the attack remote... Read more

    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-10087

    A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be... Read more

    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-10088

    A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotel... Read more

    Affected Products : personal_time_tracker
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4044 Results