Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-57728

    In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files... Read more

    Affected Products : intellij_idea
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-57727

    In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference... Read more

    Affected Products : intellij_idea
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-40741

    A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in t... Read more

    Affected Products : solid_edge
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-57791

    An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful e... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-40740

    A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attac... Read more

    Affected Products : solid_edge
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-40739

    A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attac... Read more

    Affected Products : solid_edge
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-57790

    An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-57789

    An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-28447

    Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi.... Read more

    • Published: Mar. 19, 2024
    • Modified: Aug. 21, 2025

  • 6.1

    MEDIUM
    CVE-2025-57703

    DIAEnergie - Reflected Cross-site Scripting... Read more

    Affected Products : diaenergie
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-57702

    DIAEnergie - Reflected Cross-site Scripting... Read more

    Affected Products : diaenergie
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-57701

    DIAEnergie - Reflected Cross-site Scripting... Read more

    Affected Products : diaenergie
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-57700

    DIAEnergie - Stored Cross-site Scripting... Read more

    Affected Products : diaenergie
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-57788

    An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.... Read more

    Affected Products : commcell commvault
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-55503

    Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-55483

    Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-51488

    A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin.... Read more

    Affected Products : moonshine moonshine
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.5

    MEDIUM
    CVE-2025-51487

    A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a... Read more

    Affected Products : moonshine moonshine
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-51489

    A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened.... Read more

    Affected Products : moonshine moonshine
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8973

    A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The expl... Read more

    Affected Products : cashier_queuing_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection
Showing 20 of 291589 Results