Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.5

    CRITICAL
    CVE-2020-36851

    Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-onl... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-10952

    A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file ml_logger/server.py of the component File Handler. Performing manipulation of the arg... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-46148

    In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-59426

    Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling logic constructs the host and protocol of the final redirect URL based on the X-Forwarded-Host or Host headers and the X-For... Read more

    Affected Products : lobe_chat
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-59830

    Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parame... Read more

    Affected Products : rack
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-59834

    ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its ... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-46153

    PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-59251

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025

  • 5.1

    MEDIUM
    CVE-2025-10943

    A security flaw has been discovered in MikeCen WeChat-Face-Recognition up to 6e3f72bf8547d80b59e330f1137e4aa505f492c1. This vulnerability affects the function valid of the file wx.php. The manipulation of the argument echostr results in cross site scripti... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2025-36601

    Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclos... Read more

    Affected Products : powerscale_onefs
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-10949

    A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.0

    MEDIUM
    CVE-2025-59422

    Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/<APP_ID>chat-messages?conversation_id=<CONVERSATION_ID>&limit=10 endpoint allows users in the same workspace to read chat... Read more

    Affected Products : dify
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-10950

    A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserializ... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-10945

    A security vulnerability has been detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Impacted is an unknown function of the file d.php. Such manipulation of the argument hm leads to cross site scripting. The attack may be launched ... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-10946

    A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. Remote exploitation ... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2025-21056

    Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-10438

    Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal.This issue affects Yordam Katalog: before 21.7.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-59831

    git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitC... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 3.9

    LOW
    CVE-2025-5494

    ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-10944

    A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. The attack may be initiate... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4332 Results