Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-43888

    Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unautho... Read more

    Affected Products : powerprotect_data_manager
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Information Disclosure

  • 5.0

    MEDIUM
    CVE-2025-43938

    Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain... Read more

    Affected Products : powerprotect_data_manager
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-58764

    Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the abi... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-59041

    Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.email`. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a us... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-7718

    The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity p... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-10227

    Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in ... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-10225

    Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or u... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-10224

    Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships d... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-10222

    Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license sta... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2025-55976

    Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-10252

    A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is conside... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-10253

    A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be l... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-8696

    If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0.... Read more

    Affected Products : stork
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-43784

    Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entries information via the API Bu... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-59049

    Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from u... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-43783

    Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attacke... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-59052

    Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For hist... Read more

    Affected Products : angular
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-10235

    A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. The attack may be initiated remot... Read more

    Affected Products : scada-lts
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2025-6088

    In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-s... Read more

    Affected Products : librechat
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-10246

    A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c. This affects an unknown part of the file /f.php. This manipulation of the argument h causes cross site scripting. Remote expl... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4491 Results