Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-29523

    D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-9416

    A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. The attack may be performed from... Read more

    Affected Products : samarium
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-9412

    A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be laun... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-54300

    A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-53120

    A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-44178

    DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its configuration via the UPnP protocol WAN ... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-53118

    An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-53119

    An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-54370

    PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lie... Read more

    Affected Products : phpspreadsheet
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-45968

    An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization che... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-9400

    A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible.... Read more

    Affected Products : yifang
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-9385

    A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. Th... Read more

    Affected Products : tcpreplay
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-5191

    An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a ma... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2025-8997

    An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 6.7

    MEDIUM
    CVE-2025-55301

    The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-9415

    A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload. The attack is possible to be carried out ... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-57802

    Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data).... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 3.8

    LOW
    CVE-2025-3456

    On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-... Read more

    Affected Products : eos
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-9386

    A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The ... Read more

    Affected Products : tcpreplay
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-9399

    A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The expl... Read more

    Affected Products : yifang
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection
Showing 20 of 4362 Results