Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-54252

    Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypass... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-9176

    A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local ac... Read more

    Affected Products : shc
    • Published: Aug. 20, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9173

    A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched ... Read more

    Affected Products : emlog
    • Published: Aug. 20, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-57819

    FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipul... Read more

    Affected Products : freepbx
    • Actively Exploited
    • Published: Aug. 28, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-9287

    Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.... Read more

    Affected Products : cipher-base
    • Published: Aug. 20, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2025-5086

    A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.... Read more

    Affected Products : delmia_apriso
    • Actively Exploited
    • Published: Jun. 02, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-9288

    Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.... Read more

    Affected Products : sha.js
    • Published: Aug. 20, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-9262

    A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The att... Read more

    Affected Products : mcp-cli
    • Published: Aug. 20, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-59054

    dstack is a software development kit (SDK) to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions of dstack prior to 0.5.4, a malicious host may provide a crafted LUKS2 data volume to a dstack CVM for u... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-10318

    A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to impr... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-9296

    A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the ... Read more

    Affected Products : emlog
    • Published: Aug. 21, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-9300

    A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be ... Read more

    Affected Products : libsixel
    • Published: Aug. 21, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-9308

    A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this att... Read more

    Affected Products : yarn
    • Published: Aug. 21, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-9310

    A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRental_war/druid/login.html of the component Druid. Executing manipulation can le... Read more

    Affected Products : carrental
    • Published: Aug. 21, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-8916

    Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS ... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 13, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-8885

    Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BC-FJA bc-fips on All allows Excessive Allocation. This vulnerability is associate... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-8699

    Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-6638

    A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has bee... Read more

    Affected Products : transformers
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-27240

    A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.... Read more

    Affected Products : zabbix
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 2.1

    LOW
    CVE-2025-27238

    Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.... Read more

    Affected Products : zabbix
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 293600 Results