Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-36245

    IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.... Read more

    Affected Products : infosphere_information_server
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-43357

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to fingerprint the user.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Sep. 15, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-36890

    Elevation of Privilege... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-26442

    In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privilege... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-26436

    In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges nee... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-26435

    In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privileg... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-26430

    In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-59933

    libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header... Read more

    Affected Products : libvips
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Memory Corruption

  • 2.1

    LOW
    CVE-2025-59163

    vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-57769

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If em... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-54875

    FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page,... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-54592

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-43820

    Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update ... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-43818

    Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 al... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-43815

    Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via ... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-43811

    Multiple stored cross-site scripting (XSS) vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remot... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-57266

    An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-54591

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSS_Auth::hasAccess() function used by some of the tag/feed related endp... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-45376

    Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation ... Read more

    Affected Products : repository_manager
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 9.5

    CRITICAL
    CVE-2025-34235

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS ... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4260 Results