Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-9673

    A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-9671

    A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application compon... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 4.2

    MEDIUM
    CVE-2025-58067

    Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this U... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-22483

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application d... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-38677

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120 ... Read more

    Affected Products : linux_kernel
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 2.3

    LOW
    CVE-2025-58160

    tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI es... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-34164

    A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-9669

    A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been discl... Read more

    Affected Products : jinher_oa
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-4956

    Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-9670

    A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the atta... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 4.6

    MEDIUM
    CVE-2025-43773

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a secu... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-9618

    The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unaut... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-34165

    A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 2.3

    LOW
    CVE-2025-44015

    A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following v... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-9672

    A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulation leads to improper export of android application comp... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-52544

    E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file sys... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-28988

    SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after research... Read more

    Affected Products : web_help_desk
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2024-58259

    A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively lar... Read more

    Affected Products : rancher
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-9688

    A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2025-0640

    Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure.This issue affects OctoCloud: from s1.09.02 before v1.11.01.... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization
Showing 20 of 4425 Results