Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2025-10717

    A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.intsig.camscanner. The manipulation leads to improper export of a...

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2025-10716

    A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of andro...

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2023-49367

    An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user....

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-22608

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only provi...

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2014-125128

    'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (`href`) attribute in anchor tags (`<a>`), allowing bypasses that contain different casings, whites...

    Affected Products : sanitize-html
    • Published: Sep. 08, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2023-47430

    Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via the SendContainer() function at tivo_commands.c....

    Affected Products : readymedia
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025
  • 4.7

    MEDIUM
    CVE-2024-35798

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in read_extent_buffer_pages() There are reports from tree-checker that detects corrupted nodes, without any obvious pattern so possibly an overwrite in memory. After som...

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025
  • 5.5

    MEDIUM
    CVE-2025-22607

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on...

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization
  • 8.5

    HIGH
    CVE-2025-22606

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In version 4.0.0-beta.358 and possibly earlier versions, when creating or updating a "project," it is possible to inject arbitrary shell commands by alteri...

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2024-29025

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the...

    Affected Products : netty debian_linux
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025
  • 0.0

    NA
    CVE-2025-57644

    Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input va...

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication
  • 8.5

    HIGH
    CVE-2025-22605

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user ...

    Affected Products : coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2024-25175

    An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack....

    Affected Products : kickdler
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025
  • 9.8

    CRITICAL
    CVE-2022-27304

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter....

    • Published: Apr. 05, 2022
    • Modified: Sep. 19, 2025
  • 9.8

    CRITICAL
    CVE-2022-28026

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=....

    • Published: Apr. 21, 2022
    • Modified: Sep. 19, 2025
  • 9.8

    CRITICAL
    CVE-2022-28025

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year....

    • Published: Apr. 21, 2022
    • Modified: Sep. 19, 2025
  • 9.8

    CRITICAL
    CVE-2022-28024

    Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade....

    • Published: Apr. 21, 2022
    • Modified: Sep. 19, 2025
  • 3.3

    LOW
    CVE-2022-48668

    In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in collapse range collapse range doesn't discard the affected cached region so can risk temporarily corrupting the file data. This fixes xfstest gene...

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025
  • 3.3

    LOW
    CVE-2022-48667

    In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in insert range insert range doesn't discard the affected cached region so can risk temporarily corrupting file data. Also includes some minor clean...

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025
  • 5.5

    MEDIUM
    CVE-2022-48665

    In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity partition. For example, if storage with sector size of 512 ...

    Affected Products : linux_kernel
    • Published: Apr. 28, 2024
    • Modified: Sep. 19, 2025
Showing 20 of 294793 Results