Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-10079

    A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The ex... Read more

    Affected Products : small_crm
    • Published: Sep. 08, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-58782

    Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that... Read more

    Affected Products : jackrabbit jackrabbit_jcr_commons
    • Published: Sep. 08, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2024-48341

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop... Read more

    Affected Products : dingfanzu
    • Published: Sep. 08, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-25733

    Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a deg... Read more

    • Published: Aug. 26, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-23312

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escala... Read more

    Affected Products : nemo
    • Published: Aug. 26, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-8067

    A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of thi... Read more

    • Published: Aug. 28, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-23313

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of p... Read more

    Affected Products : nemo
    • Published: Aug. 26, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23314

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of p... Read more

    Affected Products : nemo
    • Published: Aug. 26, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23315

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, e... Read more

    Affected Products : linux_kernel macos windows nemo
    • Published: Aug. 26, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-9656

    A security vulnerability has been detected in PHPGurukul Directory Management System 2.0. This vulnerability affects unknown code of the file /admin/add-directory.php. The manipulation of the argument fullname leads to cross site scripting. The attack may... Read more

    Affected Products : directory_management_system
    • Published: Aug. 29, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-29874

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more

    Affected Products : file_station
    • Published: Aug. 29, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-29875

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more

    Affected Products : file_station
    • Published: Aug. 29, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-29878

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more

    Affected Products : file_station
    • Published: Aug. 29, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-29879

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more

    Affected Products : file_station
    • Published: Aug. 29, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-29886

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more

    Affected Products : file_station
    • Published: Aug. 29, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-6237

    A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/{bulk_download_item_name} endpoint. By manipulating the filename arguments, attackers can rea... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-10634

    A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/... Read more

    Affected Products : dir-823x_firmware
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-10619

    A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10127

    Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-39805

    In the Linux kernel, the following vulnerability has been resolved: net: macb: fix unregister_netdev call order in macb_remove() When removing a macb device, the driver calls phy_exit() before unregister_netdev(). This leads to a WARN from kernfs: --... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4279 Results