Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-34207

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `Stric... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-52043

    In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQ... Read more

    Affected Products : erpnext
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52047

    In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter... Read more

    Affected Products : erpnext
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52049

    In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the time... Read more

    Affected Products : erpnext
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52050

    In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injectin... Read more

    Affected Products : erpnext
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-52039

    In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting... Read more

    Affected Products : erpnext
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-52040

    In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker can extract all information from databases by injecting a SQL query into the blanket_order_type paramet... Read more

    Affected Products : erpnext
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-52041

    In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL que... Read more

    Affected Products : erpnext
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-52042

    In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting ... Read more

    Affected Products : erpnext
    • Published: Oct. 01, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-56380

    Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter... Read more

    Affected Products : frappe erpnext
    • Published: Oct. 02, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-56381

    ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.... Read more

    Affected Products : frappe erpnext
    • Published: Oct. 02, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-34209

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and passphrase for the account *no‑reply+virtual‑appliance@printerlog... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Supply Chain

  • 9.3

    CRITICAL
    CVE-2025-34211

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA and SaaS deployments) contain a private SSL key and matching public certificate stored in cleartext. The key belongs to t... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-54591

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSS_Auth::hasAccess() function used by some of the tag/feed related endp... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-54592

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-54875

    FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page,... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-57769

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If em... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-59948

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow A... Read more

    Affected Products : freshrss
    • Published: Sep. 29, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-59950

    FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection (confirmation dialog), it is possible to trick the admin into clicking the Promote button in another user's management page a... Read more

    Affected Products : freshrss
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-61586

    FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist... Read more

    Affected Products : freshrss
    • Published: Sep. 30, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3936 Results