Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-9921

    A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument product_code/gen_name/product_name/supplier causes cross site scripting. The attack ... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-9920

    A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remote... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-56803

    Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_pr... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-45805

    In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and select... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-36193

    IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2022-34661

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < ... Read more

    Affected Products : teamcenter
    • EPSS Score: %0.41
    • Published: Aug. 10, 2022
    • Modified: Sep. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-2460

    The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users... Read more

    Affected Products : wpdating
    • EPSS Score: %4.06
    • Published: Aug. 08, 2022
    • Modified: Sep. 03, 2025

  • 7.1

    HIGH
    CVE-2022-20358

    In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User inter... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Aug. 10, 2022
    • Modified: Sep. 03, 2025

  • 6.1

    MEDIUM
    CVE-2024-39097

    There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path.... Read more

    Affected Products : gnuboard
    • Published: Aug. 26, 2024
    • Modified: Sep. 03, 2025

  • 4.9

    MEDIUM
    CVE-2024-51991

    October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sanitize SVG files... Read more

    Affected Products : october
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-46340

    Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in `UrlPreviewService` and `MkUrlPreview`, it is possible for an attacker to inject arbit... Read more

    Affected Products : misskey
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-46553

    @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, i... Read more

    Affected Products : misskey
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-46559

    Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. T... Read more

    Affected Products : misskey
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-46730

    MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal ... Read more

    Affected Products : mobile_security_framework
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-9867

    Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-9866

    Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-9865

    Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Me... Read more

    Affected Products : chrome
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-57148

    phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-57147

    A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-57052

    cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing al... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292238 Results