Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-54576

    OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when usin... Read more

    Affected Products : oauth2_proxy
    • Published: Jul. 30, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-8614

    NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privile... Read more

    Affected Products : nomachine
    • Published: Sep. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-9109

    A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response dis... Read more

    Affected Products : i-diario
    • Published: Aug. 18, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-55296

    librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaS... Read more

    Affected Products : librenms
    • Published: Aug. 18, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-20269

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to retrieve arbitrary files from the underlying file sy... Read more

    • Published: Aug. 20, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-9994

    The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with network access.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-52915

    K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller valida... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-52322

    An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request message to the SMF (PGW-C), using the IP address of a legitimate UE in the PDN Address Allocation (PAA) field... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-52277

    Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field... Read more

    Affected Products : yeswiki
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-7954

    A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.... Read more

    Affected Products : shopware
    • Published: Aug. 06, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Race Condition

  • 8.8

    HIGH
    CVE-2025-9364

    An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.... Read more

    Affected Products : factorytalk_analytics_logixai
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-28041

    Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication.... Read more

    Affected Products : itranswarp
    • Published: Aug. 20, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-20006

    Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-20026

    Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2025-20032

    Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-20039

    Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Race Condition

  • 8.0

    HIGH
    CVE-2025-20046

    Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-20062

    Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2025-20618

    Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-9680

    A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be ini... Read more

    Affected Products : o2oa
    • Published: Aug. 30, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293513 Results