Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-58452

    WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject ma... Read more

    Affected Products : wegia
    • Published: Sep. 08, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.9

    HIGH
    CVE-2025-58453

    WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibe_anexo.php, in the id_anexo parameter. This vulnerability allow an authorized at... Read more

    Affected Products : wegia
    • Published: Sep. 08, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 8.9

    HIGH
    CVE-2025-58454

    WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allow an autho... Read more

    Affected Products : wegia
    • Published: Sep. 08, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-58745

    WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. The WeGIA only check MIME types for Excel files at endpoint `/html/socio/sistema/controller/controla_xlsx.p... Read more

    Affected Products : wegia
    • Published: Sep. 08, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-58751

    Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite d... Read more

    Affected Products : vite
    • Published: Sep. 08, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-57625

    CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these issues to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM by replacing DataSpotlite... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-57624

    A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs.... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-58752

    Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (... Read more

    Affected Products : vite
    • Published: Sep. 08, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-7970

    A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compr... Read more

    Affected Products : factorytalk_activation_manager
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cryptography

  • 7.1

    HIGH
    CVE-2025-8007

    A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-8008

    A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-50709

    An issue in Perplexity AI GPT-4 allows a remote attacker to obtain sensitive information via a GET parameter... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-9629

    The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the uss_setting_page function when processing the uss_set form type. This m... Read more

    Affected Products :
    • Published: Sep. 17, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-37123

    A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitra... Read more

    Affected Products :
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2023-53309

    In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix integer overflow in radeon_cs_parser_init The type of size is unsigned, if size is 0x40000000, there will be an integer overflow, size will be zero after size *= sizeof(... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53327

    In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Catch overflow of uptr and length syzkaller hits a WARN_ON when trying to have a uptr close to UINTPTR_MAX: WARNING: CPU: 1 PID: 393 at drivers/iommu/iommufd/selfte... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53326

    In the Linux kernel, the following vulnerability has been resolved: powerpc: Don't try to copy PPR for task with NULL pt_regs powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which from my (arguably very short) checking is not commonly d... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-53325

    In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer() Change logging from drm_{err,info}() to dev_{err,info}() in functions mtk_dp_aux_transfer() and mtk_dp_aux_do_transfer(... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2025-59160

    Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombst... Read more

    Affected Products : javascript_sdk
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53324

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state Apparently no one noticed that mdp5 plane states leak like a sieve ever since we introduced plane_state->commit refcount a few years ago in 21a... Read more

    Affected Products : linux_kernel
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4424 Results