Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.9

    HIGH
    CVE-2025-10467

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS.This issue affects OBS (Studen... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-10911

    A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2025-26333

    Dell Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-46150

    In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2025-10894

    Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects cre... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Supply Chain

  • 5.3

    MEDIUM
    CVE-2025-20316

    A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL on an affected device. This vulnerabilit... Read more

    Affected Products : ios_xe
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-20314

    A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. ... Read more

    Affected Products : ios_xe
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-20313

    Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of tru... Read more

    Affected Products : ios_xe
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Path Traversal

  • 6.0

    MEDIUM
    CVE-2025-20338

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to... Read more

    Affected Products : ios_xe
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-52906

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207.... Read more

    Affected Products : x6000r_firmware
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-59251

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025

  • 9.0

    HIGH
    CVE-2025-10948

    A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotel... Read more

    Affected Products : routeros
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-20149

    A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a... Read more

    Affected Products : ios_xe ios
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-10541

    iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because ... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-55322

    Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : omniparser
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025

  • 7.5

    HIGH
    CVE-2025-57317

    apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via su... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2025-20312

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper ... Read more

    Affected Products : ios_xe
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-20160

    A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system... Read more

    Affected Products : ios_xe ios
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-60128

    Missing Authorization vulnerability in WP Delicious Delisho allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delisho: from n/a through 1.1.3.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-60144

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Lenix scss compiler allows Stored XSS. This issue affects Lenix scss compiler: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4317 Results