Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-54831

    Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. I...

    Affected Products : airflow
    • Published: Sep. 26, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Information Disclosure
  • 6.1

    MEDIUM
    CVE-2025-9512

    The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handle HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments....

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting
  • 0.0

    NA
    CVE-2025-61045

    TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function....

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2025-61044

    TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function....

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2025-59687

    IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization....

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authorization
  • 0.0

    NA
    CVE-2025-59686

    Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id....

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authorization
  • 0.0

    NA
    CVE-2025-59685

    Kazaar 1.25.12 allows a JWT with none in the alg field....

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-59684

    DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking....

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Misconfiguration
  • 0.0

    NA
    CVE-2025-57275

    Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf....

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Memory Corruption
  • 8.2

    HIGH
    CVE-2025-52042

    In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting ...

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2025-52041

    In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL que...

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2025-52040

    In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type paramet...

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2025-52039

    In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting...

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Injection
  • 7.4

    HIGH
    CVE-2025-4953

    A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory o...

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Information Disclosure
  • 8.7

    HIGH
    CVE-2025-24525

    Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipp...

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cryptography
  • 8.6

    HIGH
    CVE-2025-11152

    This vulnerability affects Firefox < 143.0.3....

    Affected Products : firefox
    • Published: Sep. 30, 2025
    • Modified: Oct. 01, 2025
  • 1.9

    LOW
    CVE-2023-50301

    IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user....

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Information Disclosure
  • 0.0

    NA
    CVE-2025-56514

    Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows execution of arbitrary JavaScript when malicious SVG files are rendered by other users....

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-61622

    Deserialization of untrusted data in Python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3, allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted ...

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Injection
  • 0.0

    NA
    CVE-2025-57428

    Default credentials in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allow attackers to gain access to the debug shell exposed via Telnet on Port 23 and execute hardware-level flash and register manipulation commands....

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authentication