Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2025-5717

    An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploy... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-0209

    A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the ... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-1255

    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.... Read more

    Affected Products : connext_professional
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-39872

    In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hol... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Race Condition

  • 9.3

    CRITICAL
    CVE-2025-9965

    Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.This issue affects P series: P – V2001.A.C518o2.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-8410

    Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.... Read more

    Affected Products : connext_professional
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-59547

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for filenames allowing probing network endpoints. A spec... Read more

    Affected Products : dotnetnuke
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Path Traversal

  • 9.0

    HIGH
    CVE-2025-10838

    A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remo... Read more

    Affected Products : ac21_firmware
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-6921

    The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled ... Read more

    Affected Products : transformers
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-4582

    Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 befo... Read more

    Affected Products : connext_professional
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-58246

    Insertion of Sensitive Information Into Sent Data vulnerability in Automattic WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-57407

    A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browse... Read more

    Affected Products : s-cart
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-9342

    Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc. AHE Mobile allows Privilege Abuse.This issue affects AHE Mobile: from 1.9.7 before 1.9.9.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-7106

    danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess` function in `api/server/middleware/roles/access.js` uses `permissions.some()` to validate permissions, which incorrectly gr... Read more

    Affected Products : librechat
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authorization

  • 9.4

    CRITICAL
    CVE-2025-9963

    A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromized.This issue affects P series: P – V2001.A.C518o2.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-10412

    The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'uni_cpo_upload_file' function in all versions up to, and ... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-9846

    Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection.This issue affects Inka.Net: before 6.7.1.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-27034

    Memory corruption while selecting the PLMN from SOR failed list.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.9

    HIGH
    CVE-2025-9798

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows Stored XSS.This issue affects Netigma: from 6.3.3 before 6.3.5 V8.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-59534

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.2, ... Read more

    Affected Products : cryptolib
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Injection
Showing 20 of 4409 Results