Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-10716

    A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of andro... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-10674

    A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exp... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-10673

    A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injection. The attack ma... Read more

    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-10672

    A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authenticati... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-30260

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-29900

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from ... Read more

    Affected Products : file_station
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-29899

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from ... Read more

    Affected Products : file_station
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-33038

    A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-33037

    A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-23305

    NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclo... Read more

    Affected Products : megatron-lm
    • Published: Aug. 13, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23306

    NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code... Read more

    Affected Products : megatron-lm
    • Published: Aug. 13, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-33036

    A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-33033

    A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-30278

    An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerabili... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-30277

    An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerabili... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2012-10054

    Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path... Read more

    Affected Products : umbraco_cms
    • Published: Aug. 13, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Path Traversal

  • 4.7

    MEDIUM
    CVE-2024-53178

    In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with open_cached_dir open_cached_dir() may either race with the tcon reconnection even before compound_send_recv() or directly trigger a reconn... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: Sep. 19, 2025

  • 6.5

    MEDIUM
    CVE-2025-30275

    A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in ... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-30263

    A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in ... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-53190

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Syzkaller reported a hung task with uevent_show() on stack trace. That specific issue was addressed by a... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: Sep. 19, 2025
Showing 20 of 294799 Results