Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-57141

    rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.... Read more

    Affected Products : ruisibi
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025

  • 9.8

    CRITICAL
    CVE-2025-10097

    A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out... Read more

    Affected Products : sim
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10098

    A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be performed from remote.... Read more

    Affected Products : user_management_system
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 3.7

    LOW
    CVE-2025-51586

    An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.... Read more

    Affected Products : prestashop
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-10100

    A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /admin_class.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to ini... Read more

    Affected Products : simple_forum\/discussion_system
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56265

    An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.... Read more

    Affected Products : n8n
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-56266

    A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.... Read more

    Affected Products : access_control_manager
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-56267

    A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.... Read more

    Affected Products : access_control_manager
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-57285

    codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute ... Read more

    Affected Products : codeceptjs
    • Published: Sep. 08, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9424

    A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The a... Read more

    Affected Products : ws7204-a_firmware ws7204-a
    • Published: Aug. 25, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-9422

    A vulnerability was found in oitcode samarium up to 0.9.6. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit... Read more

    Affected Products : samarium
    • Published: Aug. 25, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-9414

    A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in... Read more

    Affected Products : kodbox
    • Published: Aug. 25, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.1

    MEDIUM
    CVE-2024-46413

    Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method.... Read more

    Affected Products : rebuild
    • Published: Aug. 25, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.6

    HIGH
    CVE-2025-43960

    Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by send... Read more

    Affected Products : adminer
    • Published: Aug. 25, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 10.0

    CRITICAL
    CVE-2025-54261

    ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. Scope is changed.... Read more

    Affected Products : coldfusion
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-54245

    Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : substance_3d_viewer
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54244

    Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : substance_3d_viewer
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54243

    Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : substance_3d_viewer
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-55227

    Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 7.5

    HIGH
    CVE-2025-54919

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
Showing 20 of 4405 Results