Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-9567

    The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more

    Affected Products : ehrd_ctms
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2012-10062

    A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests usin... Read more

    Affected Products : xampp
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2009-20008

    Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fi... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-9727

    A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The ... Read more

    Affected Products :
    • Published: Aug. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2010-10016

    BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw o... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2009-20009

    Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to pro... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-0610

    Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery.This issue affects QR Menü: from s1.05.06 before v1.05.12.... Read more

    Affected Products :
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.3

    CRITICAL
    CVE-2025-52551

    E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system.... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-52548

    E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-52546

    E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2024-12973

    Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing.This issue affects OctoCloud: from s1.09.01 before v1.11.01.... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-52543

    E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash.... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-58318

    Delta Electronics DIAView has an authentication bypass vulnerability.... Read more

    Affected Products :
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-9568

    The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more

    Affected Products : ehrd_ctms
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-36133

    IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the contai... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-57799

    StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks again... Read more

    Affected Products :
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-9688

    A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely... Read more

    Affected Products :
    • Published: Aug. 30, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2024-52284

    Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.... Read more

    Affected Products : rancher
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.8

    MEDIUM
    CVE-2025-9802

    A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely.... Read more

    Affected Products : remote_clinic
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2022-38694

    In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products :
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3911 Results