Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.6 CRITICAL
CVE-2025-40943 — Adobe Flash Security Code Injection Vulnerability

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagn…

simatic_drive_controller_cpu_1504d_tf_firmware simatic_drive_controller_cpu_1507d_tf_firmware simatic_s7-1500_cpu_1511-1_pn_firmware simatic_s7-1500_cpu_1511c-1_pn_firmware simatic_s7-1500_cpu_1511f-1_pn_firmware simatic_s7-1500_cpu_1511t-1_pn_firmware +58 more | Remote | Injection
Mar 10, 2026 Mar 19, 2026
Mar 10, 2026
Mar 19, 2026
2.6 LOW
CVE-2025-27769 — Heliox Flex and Mobile DC Unauthorized Service Access Vulnerability

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain i…

| Authorization
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
7.5 HIGH
CVE-2025-13957 — PostgreSQL SOCKS Proxy Hard-coded Credentials Remote Code Execution

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL…

Remote | Authentication
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
5.1 MEDIUM
CVE-2025-13902 — Apache Web Server Cross-site Scripting (XSS)

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser r…

Remote | Cross-Site Scripting
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
6.9 MEDIUM
CVE-2025-13901 — Machine Expert Protocol Resource Shutdown Weakness

CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to oc…

Remote | Denial of Service
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
8.5 HIGH
CVE-2025-11739 — Apache Java Deserialization Code Execution Vulnerability

CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data str…

| Injection
Mar 10, 2026 Mar 11, 2026
Mar 10, 2026
Mar 11, 2026
Showing 20 of 6646 Results