Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-21025

    Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-55472

    SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns[0][data] parameter, which is directly used in SQL queries withou... Read more

    Affected Products : tirreno
    • Published: Sep. 02, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-55373

    Incorrect access control in Beakon Application before v5.4.3 allows authenticated attackers with low-level privileges to escalate privileges and execute commands with Administrator rights.... Read more

    Affected Products : beakon
    • Published: Sep. 02, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-55372

    An arbitrary file upload vulnerability in Beakon Application before v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : beakon
    • Published: Sep. 02, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-9758

    A vulnerability was identified in deepakmisal24 Chemical Inventory Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory_form.php. Such manipulation of the argument chem_name leads to sql injection.... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-59019

    Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-59018

    Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive i... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-9716

    A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/al... Read more

    Affected Products : o2oa
    • Published: Aug. 31, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-10255

    A vulnerability was determined in Ascensio System SIA OnlyOffice up to 12.7.0. Impacted is an unknown function of the file /Products/Projects/Messages.aspx of the component Comment Handler. Executing manipulation can lead to cross site scripting. The atta... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-10254

    A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. ... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-39553

    Missing Authorization vulnerability in andy_moyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9.... Read more

    Affected Products : church_admin
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-53797

    Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025

  • 6.5

    MEDIUM
    CVE-2025-53796

    Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025

  • 7.5

    HIGH
    CVE-2025-47571

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder. This issue affects Super Store Finder: from n/a through 6.9.7.... Read more

    Affected Products : super_store_finder
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-47570

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews. This issue affects WooCommerce Photo Reviews: from n/a through 1.3.13.... Read more

    Affected Products : woocommerce_photo_reviews
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-53348

    Missing Authorization vulnerability in Laborator Kalium. This issue affects Kalium: from n/a through 3.18.3.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-48101

    Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-53303

    Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core allows Object Injection. This issue affects ThemeMove Core: from n/a through 1.4.2.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-53799

    Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025

  • 9.3

    CRITICAL
    CVE-2025-47569

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates. This issue affects WooCommerce Ultimate Gif... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection
Showing 20 of 4385 Results