Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-9595

    A vulnerability was found in code-projects Student Information Management System 1.0. The impacted element is an unknown function of the file /login.php. The manipulation of the argument uname results in cross site scripting. The attack may be performed f... Read more

    • Published: Aug. 29, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-9596

    A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. The exploit ... Read more

    Affected Products : sports_management_system
    • Published: Aug. 29, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 10.0

    HIGH
    CVE-2025-9605

    A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack c... Read more

    Affected Products : ac21_firmware ac23_firmware ac23 ac21
    • Published: Aug. 29, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-54877

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker... Read more

    Affected Products : tuleap
    • Published: Aug. 29, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-55202

    Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially a... Read more

    Affected Products : opencast
    • Published: Aug. 29, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-9720

    A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross ... Read more

    Affected Products : i-educar
    • Published: Aug. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-9721

    A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the att... Read more

    Affected Products : i-educar
    • Published: Aug. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-9722

    A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripti... Read more

    Affected Products : i-educar
    • Published: Aug. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-9723

    A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_regime_cad.php. Performing manipulation of the argument nm_tipo results in cross site scripting. The attack can be initiated re... Read more

    Affected Products : i-educar
    • Published: Aug. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-9724

    A vulnerability was determined in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /intranet/educar_nivel_ensino_cad.php. Executing manipulation of the argument nm_nivel/descricao can lead to cross site scripting. The attack ca... Read more

    Affected Products : i-educar
    • Published: Aug. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-20703

    In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User ... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6833p mt6835 mt6853 mt6853t +52 more products
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-20705

    In monitor_hang, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS0... Read more

    Affected Products : android openwrt yocto mt2735 mt6781 mt6789 mt6835 mt6853 mt6855 mt6877 +32 more products
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-20704

    In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. U... Read more

    Affected Products : nr17 mt6813 mt6835 mt6878 mt6897 mt8676 mt8678 mt8792 nr17r mt6835t +6 more products
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-20706

    In mbrain, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS0992462... Read more

    Affected Products : android mt6989 mt8676 mt8678 mt6899 mt6991
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-20707

    In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS0992... Read more

    Affected Products : android mt6853 mt6877 mt6893 mt8791t mt8786 mt8676 mt8678 mt8775 mt8792 +8 more products
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-20708

    In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6833p mt6835 mt6853 mt6853t +53 more products
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-55154

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory cor... Read more

    Affected Products : imagemagick
    • Published: Aug. 13, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-9771

    A security vulnerability has been detected in SourceCodester Eye Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file /main/search_index_Diagnosis.php. Such manipulation of the argument Search leads to sql injecti... Read more

    Affected Products : eye_clinic_management_system
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-0656

    IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ... Read more

    Affected Products : concert
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-33082

    IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di... Read more

    Affected Products : concert
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293308 Results