Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-36132

    IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po... Read more

    Affected Products : planning_analytics_local
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2023-50300

    IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.... Read more

    Affected Products : transformation_extender_advanced
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2023-49883

    IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.... Read more

    Affected Products : transformation_extender_advanced
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2023-49881

    IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : transformation_extender_advanced
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2023-50301

    IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.... Read more

    Affected Products : transformation_extender_advanced
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-11083

    A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The... Read more

    Affected Products : binutils
    • Published: Sep. 27, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-11082

    A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution... Read more

    Affected Products : binutils
    • Published: Sep. 27, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-11081

    A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now ... Read more

    Affected Products : binutils
    • Published: Sep. 27, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-34207

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `Stric... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-52043

    In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQ... Read more

    Affected Products : erpnext
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52047

    In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter... Read more

    Affected Products : erpnext
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52049

    In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the time... Read more

    Affected Products : erpnext
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52050

    In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injectin... Read more

    Affected Products : erpnext
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-52039

    In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting... Read more

    Affected Products : erpnext
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-52040

    In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker can extract all information from databases by injecting a SQL query into the blanket_order_type paramet... Read more

    Affected Products : erpnext
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-52041

    In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL que... Read more

    Affected Products : erpnext
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-52042

    In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting ... Read more

    Affected Products : erpnext
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-56380

    Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter... Read more

    Affected Products : frappe erpnext
    • Published: Oct. 02, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-56381

    ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.... Read more

    Affected Products : frappe erpnext
    • Published: Oct. 02, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-34209

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and passphrase for the account *no‑reply+virtual‑appliance@printerlog... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Supply Chain
Showing 20 of 3917 Results