Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-53224

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Koen Schuit NextGEN Gallery Search allows Reflected XSS. This issue affects NextGEN Gallery Search: from n/a through 2.12.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-53215

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8bitkid Yahoo! WebPlayer allows Reflected XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-9619

    A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is pos... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2025-58124

    Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cryptography

  • 7.1

    HIGH
    CVE-2025-53579

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captcha.eu Captcha.eu allows Reflected XSS. This issue affects Captcha.eu: from n/a through n/a.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-53584

    Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System allows Object Injection. This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through 6.0.2.... Read more

    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-53334

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through 7.4.1.... Read more

    Affected Products : jannah
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-48364

    Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce allows Server Side Request Forgery. This issue affects rajce: from n/a through 0.4.2.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.6

    HIGH
    CVE-2025-53230

    Missing Authorization vulnerability in honzat Page Manager for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Manager for Elementor: from n/a through 2.0.5.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-49402

    Missing Authorization vulnerability in favethemes Houzez CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez CRM: from n/a through 1.4.7.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-8290

    The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-58058

    xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memor... Read more

    Affected Products : xz
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-8858

    Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-9585

    A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried ... Read more

    Affected Products : cf-n1_firmware
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-53508

    Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to t... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-40927

    CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect un... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.9

    CRITICAL
    CVE-2025-58048

    Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction f... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-31971

    AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability.  The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or ... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-25010

    Incorrect authorization in Kibana can lead to privilege escalation via the built-in reporting_user role which incorrectly has the ability to access all Kibana Spaces.... Read more

    Affected Products : kibana
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-53583

    Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight allows Object Injection. This issue affects Employee Spotlight: from n/a through 5.1.1.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection
Showing 20 of 3925 Results