Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-11134

    A security vulnerability has been detected in Cudy TR1200 1.16.3-20230804-164635. Impacted is an unknown function of the file /cgi-bin/luci/admin/network/wireless/config/ of the component Wireless Settings Page. Such manipulation of the argument SSID lead... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-11049

    A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. T... Read more

    Affected Products : i-educar
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-56234

    AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC AT_NA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the nex... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Denial of Service

  • 5.8

    MEDIUM
    CVE-2025-11136

    A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The atta... Read more

    Affected Products : yifang
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2025-59934

    Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. ... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-11048

    A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotel... Read more

    Affected Products : i-educar
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-11081

    A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now ... Read more

    Affected Products : binutils
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-11108

    A vulnerability was determined in code-projects Simple Scheduling System 1.0. Impacted is an unknown function of the file /schedulingsystem/addroom.php. Executing manipulation of the argument room can lead to sql injection. The attack may be performed fro... Read more

    Affected Products :
    • Published: Sep. 28, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11138

    A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public an... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2025-7698

    Out-of-bounds read vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-11100

    A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly availa... Read more

    Affected Products : dir-823x_firmware
    • Published: Sep. 28, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11121

    A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The... Read more

    Affected Products : ac18_firmware
    • Published: Sep. 28, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-11083

    A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The... Read more

    Affected Products : binutils
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-11089

    A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql ... Read more

    Affected Products :
    • Published: Sep. 28, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11039

    A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/us_edit1.php. The manipulation of the argument ID leads to sql injection. Remote... Read more

    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-55187

    In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-11056

    A flaw has been found in ProjectsAndPrograms School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file owner_panel/fetch-data/select-students.php. This manipulation of the argument select causes sql injection. Re... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11110

    A security flaw has been discovered in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/school_year.php. The manipulation of the argument school_year results in sql injection. It is possible t... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 28, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11113

    A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is no... Read more

    Affected Products :
    • Published: Sep. 28, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-11130

    A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack c... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authentication
Showing 20 of 4288 Results