Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-11134

    A security vulnerability has been detected in Cudy TR1200 1.16.3-20230804-164635. Impacted is an unknown function of the file /cgi-bin/luci/admin/network/wireless/config/ of the component Wireless Settings Page. Such manipulation of the argument SSID lead... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-11049

    A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. T... Read more

    Affected Products : i-educar
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-56234

    AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC AT_NA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the nex... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Denial of Service

  • 5.8

    MEDIUM
    CVE-2025-11136

    A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The atta... Read more

    Affected Products : yifang
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2025-59934

    Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. ... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-11048

    A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotel... Read more

    Affected Products : i-educar
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-59939

    WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. I... Read more

    Affected Products : wegia
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11116

    A vulnerability was found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /add.home.php. The manipulation of the argument faculty results in sql injection. The attack can be executed remotely. The exploit has been m... Read more

    Affected Products :
    • Published: Sep. 28, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11114

    A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence[] can lead to sql injection. The attack may be... Read more

    Affected Products :
    • Published: Sep. 28, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11057

    A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/print_inv.php. Such manipulation of the argument ID leads to sql injection. The attack can be ex... Read more

    Affected Products : pet_grooming_management_software
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-11079

    A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this issue is some unknown functionality. The manipulation results in file and directory information exposure. The attack may be performed from remote. The exploit ha... Read more

    Affected Products : farm_management_system
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Information Disclosure

  • 7.7

    HIGH
    CVE-2025-59844

    SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled ... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11047

    A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit ha... Read more

    Affected Products : i-educar
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-10954

    Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime ... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-11137

    A vulnerability has been found in Gstarsoft GstarCAD up to 9.4.0. This affects an unknown function of the component File Renaming Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-11019

    A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public a... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-11122

    A vulnerability was detected in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation of the argument WANT/mtuvalue results in stack-based buffer overflow. The attack can be launched remotely. The expl... Read more

    Affected Products : ac18_firmware
    • Published: Sep. 28, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2025-41246

    VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit t... Read more

    Affected Products : tools
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-43400

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a malic... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-11063

    A vulnerability was identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /admin/edit_department.php. The manipulation of the argument d leads to sql injection. It is possible to initiate the... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection
Showing 20 of 4261 Results