Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2025-58323

    NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-54716

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 7.7

    HIGH
    CVE-2025-54029

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in extendons WooCommerce csv import export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through 2.0.6.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 7.7

    HIGH
    CVE-2025-53588

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-53227

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Saga allows PHP Local File Inclusion. This issue affects Magazine Saga: from n/a through 1.2.7.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-53220

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XmasB XmasB Quotes allows Reflected XSS. This issue affects XmasB Quotes: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-49404

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in purethemes Listeo-Core allows SQL Injection. This issue affects Listeo-Core: from n/a through 1.9.32.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2025-48365

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-39247

    There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.... Read more

    Affected Products : hikcentral_professional
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-39246

    There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-40927

    CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect un... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.5

    LOW
    CVE-2025-9589

    A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack needs to be launched locally. A high complexity level is... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-6203

    A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resu... Read more

    Affected Products : vault
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-53243

    Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress allows Object Injection. This issue affects Employee Directory – Staff Listing & Team Directory Plugin for W... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-57767

    Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenti... Read more

    Affected Products : asterisk
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-53583

    Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight allows Object Injection. This issue affects Employee Spotlight: from n/a through 5.1.1.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-53225

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eboekhouden e-Boekhouden.nl allows Reflected XSS. This issue affects e-Boekhouden.nl: from n/a through 1.9.3.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-53223

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undoIT Theme Switcher Reloaded allows Reflected XSS. This issue affects Theme Switcher Reloaded: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-54725

    Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0.... Read more

    Affected Products : golo
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-9619

    A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is pos... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal
Showing 20 of 4468 Results