Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-8354

    A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the curren... Read more

    Affected Products : revit
    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-58319

    Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.... Read more

    Affected Products : cncsoft-g2
    • Published: Sep. 24, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-58317

    Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.... Read more

    Affected Products : cncsoft-g2
    • Published: Sep. 24, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-60249

    vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting (XSS) vulnerability was discovered in the handling of user-suppl... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-57623

    A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-48707

    An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which can cause secret sharing.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-29155

    An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-20362

    A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints without au... Read more

    • Published: Sep. 25, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-20333

    A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device... Read more

    • Published: Sep. 25, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-10961

    A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-10960

    A vulnerability was found in Wavlink NU516U1 M16U1_V240425. The impacted element is the function sub_402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument delete_list results in command injection... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-10959

    A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to command injection. The attack can be executed remotely.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-10958

    A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the atta... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10817

    A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be lau... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 22, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10825

    A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. Affected is an unknown function of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. The attack can be initiated re... Read more

    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10826

    A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results i... Read more

    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-10827

    A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated r... Read more

    Affected Products : restaurant_menu_maker
    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-10828

    A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. ... Read more

    Affected Products : pet_grooming_management_software
    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10829

    A vulnerability was detected in Campcodes Computer Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/sup_edit1.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the at... Read more

    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10830

    A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. This issue affects some unknown processing of the file /pages/inv_edit1.php. Executing manipulation of the argument idd can lead to sql injection. The attack can be executed remot... Read more

    • Published: Sep. 23, 2025
    • Modified: Sep. 25, 2025
    • Vuln Type: Injection
Showing 20 of 4420 Results