Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-8909

    Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-8910

    Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-8911

    Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-8912

    Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.... Read more

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-8913

    Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.... Read more

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-8914

    Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 3.7

    LOW
    CVE-2025-8515

    A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This issue affects some unknown processing of the file /v1/operador/ of the component JSON Endpoint. The manipulation leads to information disclosure. The attack may... Read more

    Affected Products : incontrol_web
    • Published: Aug. 04, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-26065

    A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network.... Read more

    • Published: Aug. 04, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-53009

    MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsi... Read more

    Affected Products : materialx
    • Published: Aug. 01, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-53010

    MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which ... Read more

    Affected Products : materialx
    • Published: Aug. 01, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-53011

    MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which ... Read more

    Affected Products : materialx
    • Published: Aug. 01, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-53012

    MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limi... Read more

    Affected Products : materialx
    • Published: Aug. 01, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 9.0

    CRITICAL
    CVE-2025-54117

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text ed... Read more

    Affected Products : nameless
    • Published: Aug. 18, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-54421

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to inject arbitrary web script or HTML via the default_keywords ... Read more

    Affected Products : nameless
    • Published: Aug. 18, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-54118

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows unauthenticated remote attacker to gain sensitive information such as absolute path of the source code ... Read more

    Affected Products : nameless
    • Published: Aug. 18, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-5047

    A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-5048

    A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-5046

    A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21447

    Memory corruption may occur while processing device IO control call for session control.... Read more

    • Published: Apr. 07, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21436

    Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.... Read more

    • Published: Apr. 07, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291589 Results