Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-55619

    Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2025-55620

    A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-55623

    An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-55624

    An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components.... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-13273

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 bef... Read more

    Affected Products : open_social
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-30040

    Windows MSHTML Platform Security Feature Bypass Vulnerability... Read more

    • Actively Exploited
    • Published: May. 14, 2024
    • Modified: Aug. 28, 2025

  • 8.8

    HIGH
    CVE-2025-8127

    A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. This vulnerability affects unknown code of the file /system/user/list. The manipulation of the argument params[dataScope] leads to sql injection. The attack can be initiated... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8161

    A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. Affected by this vulnerability is an unknown functionality of the file /system/role/export. The manipulation of the argument params[dataScope] leads to sql injection. The at... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8162

    A vulnerability, which was classified as critical, has been found in deerwms deer-wms-2 up to 3.3. Affected by this issue is some unknown functionality of the file /system/dept/list. The manipulation of the argument params[dataScope] leads to sql injectio... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8163

    A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate... Read more

    Affected Products : deer-wms-2
    • Published: Jul. 25, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8219

    A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp/tabdetail_moduleSave_dxkp.php of the component HTTP POS... Read more

    Affected Products : lingdang_crm
    • Published: Jul. 27, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8345

    A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this vulnerability is the function delete_user of the file crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. The manipulation of t... Read more

    Affected Products : lingdang_crm
    • Published: Jul. 31, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-8525

    A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the... Read more

    Affected Products : xboot
    • Published: Aug. 04, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-40920

    Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are ... Read more

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-8526

    A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipula... Read more

    Affected Products : xboot
    • Published: Aug. 04, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-8527

    A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/SecurityController.java of the component S... Read more

    Affected Products : xboot
    • Published: Aug. 04, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-8528

    A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possib... Read more

    Affected Products : xboot
    • Published: Aug. 04, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Information Disclosure

  • 4.5

    MEDIUM
    CVE-2024-13304

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery.This issue affects Minify JS: from 0.0.0 before 3.0.3.... Read more

    Affected Products : minify_js
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2024-13305

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting (XSS).This issue affects Entity Form Steps: from 0.0.0 before 1.1.4.... Read more

    Affected Products : entity_form_steps
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-13309

    Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1.... Read more

    Affected Products : login_disable
    • Published: Jan. 09, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication
Showing 20 of 293418 Results