Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-46411

    A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a maliciou... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-48005

    A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a mal... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-52461

    An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. An attacker can provide a malicious file to trig... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-29420

    PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.... Read more

    Affected Products : perfreeblog
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-29421

    PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.... Read more

    Affected Products : perfreeblog
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-52130

    File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potenti... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-50383

    alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.... Read more

    Affected Products : easyappointments
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44179

    Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. The issue arises due to improper input validation within the telnet command handling mechanism. An attacker can exploit this vulnerability by injecting arb... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-29525

    DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-29524

    Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-46412

    Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-55575

    SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-50900

    An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-de... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-57704

    Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability.... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2025-9172

    The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5931

    The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff ... Read more

    Affected Products : dokan_pro_plugin
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-44002

    Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, vi... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2025-41702

    The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-8597

    MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inje... Read more

    Affected Products : macvim
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-57814

    request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are cor... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 3903 Results