Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2025-9921

    A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument product_code/gen_name/product_name/supplier causes cross site scripting. The attack ...

    Affected Products : pos_pharmacy_system
    • Published: Sep. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2025-9920

    A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remote...

    Affected Products : recruitment_management_system
    • Published: Sep. 03, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2025-55422

    In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus....

    Affected Products : foxcms
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.1

    CRITICAL
    CVE-2025-58050

    The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs...

    Affected Products : pcre2
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-49155

    An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations....

    Affected Products : apex_one apexone_op apexone_saas
    • Published: Jun. 17, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-49156

    A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target ...

    Affected Products : apex_one apexone_op apexone_saas
    • Published: Jun. 17, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2024-37777

    O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function....

    Affected Products : o2oa
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-49157

    A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on t...

    Affected Products : apex_one apexone_op apexone_saas
    • Published: Jun. 17, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2025-49158

    An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code ...

    Affected Products : apex_one apexone_op apexone_saas
    • Published: Jun. 17, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2025-55582

    D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesys...

    Affected Products : dcs-825l dcs-825l_firmware
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authentication
  • 9.0

    CRITICAL
    CVE-2024-35213

    An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process....

    Affected Products : qnx_software_development_platform
    • Published: Jun. 11, 2024
    • Modified: Sep. 09, 2025
  • 7.1

    HIGH
    CVE-2023-32701

    Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition....

    Affected Products : qnx_software_development_platform
    • Published: Nov. 14, 2023
    • Modified: Sep. 09, 2025
  • 7.3

    HIGH
    CVE-2025-55618

    In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered....

    Affected Products : navigation
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-34520

    An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic fl...

    Affected Products : udp
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-34521

    A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges t...

    Affected Products : udp
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2025-30642

    A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileg...

    Affected Products : windows deep_security_agent
    • Published: Jun. 17, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Denial of Service
  • 7.8

    HIGH
    CVE-2025-30641

    A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execut...

    Affected Products : windows deep_security_agent
    • Published: Jun. 17, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2025-30640

    A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target s...

    Affected Products : windows deep_security_agent
    • Published: Jun. 17, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authorization
  • 7.3

    HIGH
    CVE-2024-55955

    An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first ...

    Affected Products : windows deep_security_agent
    • Published: Dec. 31, 2024
    • Modified: Sep. 09, 2025
  • 9.8

    CRITICAL
    CVE-2025-34522

    A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking all...

    Affected Products : udp
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293350 Results