Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-56869

    Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and Fi... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-10721

    A vulnerability was determined in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The attack can only... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-26515

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an unauthenticated attacker to ch... Read more

    Affected Products : storagegrid
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.7

    HIGH
    CVE-2025-34204

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP workers, Node.js servers and custom binaries) as the root use... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2022-4980

    General Bytes Crypto Application Server (CAS) beginning with version 20201208 prior to 20220531.38 (backport) and 20220725.22 (mainline) contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL us... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-26514

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Reflected Cross-Site Scripting vulnerability. Successful exploit could allow an attacker to view or modify configuration settings or add or modif... Read more

    Affected Products : storagegrid
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-26516

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service vulnerability. Successful exploit could allow an unauthenticated attacker to cause a Denial of Service on the Admin node.... Read more

    Affected Products : storagegrid
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-26517

    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation vulnerability. Successful exploit could allow an unauthorized authenticated attacker to discover Grid node names and IP addr... Read more

    Affected Products : storagegrid
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2024-13990

    MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle (MitM)... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cryptography

  • 8.5

    HIGH
    CVE-2025-34190

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (macOS/Linux client deployments) are vulnerable to an authentication bypass in PrinterInstallerClientService. The service requires root privileges for certain administrative opera... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-34203

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise ... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-43803

    Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-52159

    Hardcoded credentials in default configuration of PPress 0.0.9.... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-54761

    An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-34195

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability during driver installation caused by unquoted program paths... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2025-34188

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPS... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-34194

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (Windows client deployments) contain an insecure temporary-file handling vulnerability in the PrinterInstallerClient components. The software creates files as NT AUTHORITY\SYSTEM ... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-34198

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, EC... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-34200

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker wit... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-34206

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker containers with overly-permissive filesystem permissions. Files ... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4296 Results