Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-8163

    A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8219

    A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp/tabdetail_moduleSave_dxkp.php of the component HTTP POS... Read more

    Affected Products : lingdang_crm
    • Published: Jul. 27, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8345

    A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this vulnerability is the function delete_user of the file crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. The manipulation of t... Read more

    Affected Products : lingdang_crm
    • Published: Jul. 31, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-8525

    A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the... Read more

    Affected Products : xboot
    • Published: Aug. 04, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-40920

    Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are ... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-8526

    A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipula... Read more

    Affected Products : xboot
    • Published: Aug. 04, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-8527

    A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of the component S... Read more

    Affected Products : xboot
    • Published: Aug. 04, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-8528

    A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possib... Read more

    Affected Products : xboot
    • Published: Aug. 04, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Information Disclosure

  • 4.5

    MEDIUM
    CVE-2024-13304

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery.This issue affects Minify JS: from 0.0.0 before 3.0.3.... Read more

    Affected Products : minify_js
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2024-13305

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting (XSS).This issue affects Entity Form Steps: from 0.0.0 before 1.1.4.... Read more

    Affected Products : entity_form_steps
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13309

    Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1.... Read more

    Affected Products : login_disable
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-0461

    A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAja... Read more

    Affected Products : lingdang_crm
    • Published: Jan. 14, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-0462

    A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical. This issue affects some unknown processing of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&min... Read more

    Affected Products : lingdang_crm
    • Published: Jan. 14, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0463

    A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. It has been classified as critical. Affected is an unknown function of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minip... Read more

    Affected Products : lingdang_crm
    • Published: Jan. 14, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-8123

    A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the a... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 24, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8124

    A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/unallocatedList. The manipulation of the argument params[dataScope] l... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8126

    A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/user/export. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate the ... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2023-4957

    A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending... Read more

    Affected Products : zt410_firmware zt410
    • Published: Oct. 11, 2023
    • Modified: Aug. 28, 2025

  • 10.0

    CRITICAL
    CVE-2025-34158

    Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres.... Read more

    Affected Products : media_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-8125

    A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/role/authUser/allocatedList. The manipulation of the argument params[dataScope] leads to sql... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection
Showing 20 of 292795 Results