Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-41376

    CRLF Injection vulnerability in Limesurvey v2.65.1+170522.  This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid/<SID>/token/fwyfw%0d%0aCookie:%20POC... Read more

    Affected Products : limesurvey
    • Published: Aug. 01, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-41375

    SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, update and delete database via 'token' parameter in '/index.php' endpoint.... Read more

    Affected Products : limesurvey
    • Published: Aug. 01, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2010-20113

    EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively lo... Read more

    Affected Products : easyftp_server
    • Published: Aug. 21, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2010-20121

    EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowin... Read more

    Affected Products : easyftp_server
    • Published: Aug. 21, 2025
    • Modified: Sep. 10, 2025

  • 6.5

    MEDIUM
    CVE-2025-55522

    Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.... Read more

    Affected Products : akaunting
    • Published: Aug. 21, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-55521

    An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : akaunting
    • Published: Aug. 21, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-10028

    A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This affects an unknown part of the file /inventory/main/vendors/datatables/unit_testing/templates/6776.php. Such manipulation of the argument scripts leads to cross site scripti... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10029

    A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/complex_header_2.php. Performing manipulation of the argument s... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-10033

    A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has be... Read more

    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-58445

    Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers... Read more

    Affected Products : atlantis
    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-10063

    A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads t... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10064

    A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This issue affects some unknown processing of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument s... Read more

    Affected Products : point_of_sale_system
    • Published: Sep. 07, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2025-49005

    Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to ... Read more

    Affected Products : next.js vercel
    • Published: Jul. 03, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-57808

    ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization val... Read more

    Affected Products : esphome_firmware esphome
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-9784

    A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by rep... Read more

    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2024-51423

    Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter.... Read more

    Affected Products : global_human_resources
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-54599

    The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own... Read more

    Affected Products : events_and_groups
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-57766

    Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens t... Read more

    Affected Products : fides
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-57815

    Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-forc... Read more

    Affected Products : fides
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-57816

    Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based ... Read more

    Affected Products : fides
    • Published: Sep. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293511 Results