Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-24525

    Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipp... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2025-55191

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler that can cause th... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-61792

    Quadient DS-700 iQ devices through 2025-09-30 might have a race condition during the quick clicking of (in order) the Question Mark button, the Help Button, the About button, and the Help Button, leading to a transition out of kiosk mode into local admini... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Race Condition

  • 4.8

    MEDIUM
    CVE-2025-43826

    Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, an... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-9232

    Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: ... Read more

    Affected Products : openssl
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-9231

    Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM pl... Read more

    Affected Products : openssl
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-9230

    Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an applic... Read more

    Affected Products : openssl
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-7493

    A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations ... Read more

    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-56392

    An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-56200

    A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol ... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-56018

    SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-52050

    In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injectin... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52049

    In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the time... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52047

    In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52043

    In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQ... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-36262

    IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-36132

    IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-28016

    A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-10659

    The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-supplied input. This vulnerability occurs due to the insecure termination of a regular expression check within... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-55017

    Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authentication
Showing 20 of 4331 Results