Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-11035

    A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiate... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: XML External Entity

  • 0.0

    NA
    CVE-2025-58384

    In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-57347

    A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers t... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-57329

    web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype v... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-57327

    spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config function of spmrc version 1.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causin... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-57326

    A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-57325

    rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vuln... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-57321

    A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum ... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-56383

    Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-55847

    Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute ar... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2025-55187

    In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-45994

    An issue in Aranda PassRecovery v1.0 allows attackers to enumerate valid user accounts in Active Directory via sending a crafted POST request to /user/existdirectory/1.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-20240

    A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected device. This vulnerability is due to improper sanitizatio... Read more

    Affected Products : ios_xe
    • Published: Sep. 24, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-11034

    A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/common_dep.action.jsp. The manipulation of the argument filePath results in path traversal. It is po... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-11033

    A vulnerability has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Impacted is an unknown function of the file /Profilers/PriProfile/COUNT3s7.php. The manipulation of the argument cbe leads to sql injection. It ... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11032

    A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This issue affects some unknown processing of the file /Profilers/PriProfile/COUNT3s6.php. Executing manipulation of the argument CPU can lead to sql inj... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-11031

    A flaw has been found in DataTables up to 1.10.13. The affected element is an unknown function of the file /examples/resources/examples.php. This manipulation of the argument src causes path traversal. It is possible to initiate the attack remotely. The e... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-11029

    A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public an... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-11028

    A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. This affects an unknown part of the component Image Handler. Performing manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been ... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-11027

    A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publ... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4476 Results