Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-56207

    A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721 Non-Fungible Token (NFT) project, allows users or attackers to transfer NFTs to the zero address, leading to permanent as... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-6034

    There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions() when using SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitati... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-6033

    There is a memory corruption vulnerability due to an out of bounds write in XML_Serialize() when using SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation r... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-56676

    TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-56572

    An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-56571

    Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-56018

    SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-55797

    An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-54477

    Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-54476

    Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-34224

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the `console_release` directory without requiring authentication. An... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-34221

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted traffic ... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2025-34215

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-43372

    The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process me... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Sep. 15, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-43294

    An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Sep. 15, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-43308

    This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Sep. 15, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-43328

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Sep. 15, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-43332

    A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: Sep. 15, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-7779

    Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, Acronis True Image for Western Digital (ma... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-7493

    A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations ... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authorization
Showing 20 of 4324 Results