Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-56515

    File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-56514

    Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows executes arbitrary JavaScript when malicious SVG files are rendered by other users.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-51495

    An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-34230

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-34229

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-34228

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/up... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 10.0

    CRITICAL
    CVE-2025-34222

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_upload, /admin/hp/cert_delete, /admin/certs/ca, and /admin/ce... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-34220

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests t... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authentication

  • 1.9

    LOW
    CVE-2023-50301

    IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-20357

    A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient va... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-20356

    A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient va... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-20361

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cros... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-20368

    In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload thr... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-20371

    In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially lett... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.7

    MEDIUM
    CVE-2025-20367

    In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload ... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-20370

    In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could s... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-20366

    In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search resu... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authorization

  • 4.6

    MEDIUM
    CVE-2025-20369

    In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible mark... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2025-54831

    Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. I... Read more

    Affected Products : airflow
    • Published: Sep. 26, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-9512

    The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4472 Results