Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2025-59251

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025

  • 3.9

    LOW
    CVE-2025-5494

    ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-57354

    A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's tran... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-10949

    A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-56241

    Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator password via a crafted POST request to sysAccess.asp. This allows full administrative control of the router without authe... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-48869

    Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, all... Read more

    Affected Products : horilla
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-57351

    A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adver... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-43943

    Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vu... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-57349

    The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-10947

    A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing manipulation of the argument pes_cpf can lead to a... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 0.5

    LOW
    CVE-2025-59824

    Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mut... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2025-20327

    A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacke... Read more

    Affected Products : ios
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 6.6

    MEDIUM
    CVE-2025-21056

    Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-27261

    Ericsson Indoor Connect 8855 contains a SQL injection vulnerability which if exploited can lead to unauthorized disclosure and modification of user and configuration data.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-10944

    A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. The attack may be initiate... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-57352

    A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the __proto__ property, an attacker can manipula... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-59827

    Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege ... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-59833

    Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point ded... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-46149

    In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-46152

    In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4331 Results