Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-57062

    Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-53644

    OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.... Read more

    Affected Products : opencv
    • Published: Jul. 17, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-7788

    A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulatio... Read more

    Affected Products : xxl-job
    • Published: Jul. 18, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-53888

    RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds.... Read more

    Affected Products : riot
    • Published: Jul. 18, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-7789

    A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The man... Read more

    Affected Products : xxl-job
    • Published: Jul. 18, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-7888

    A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formK... Read more

    Affected Products : tduck-platform
    • Published: Jul. 20, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-9175

    A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is public... Read more

    Affected Products : shc
    • Published: Aug. 19, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-50901

    JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.... Read more

    Affected Products : jeewms
    • Published: Aug. 20, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-50904

    There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token.... Read more

    Affected Products : my-site
    • Published: Aug. 20, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-55444

    A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code executi... Read more

    • Published: Aug. 20, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-57520

    A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary J... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-57085

    Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-53495

    Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.... Read more

    Affected Products : my-site
    • Published: Aug. 20, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-57152

    Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class... Read more

    Affected Products : my-site
    • Published: Aug. 20, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-9263

    A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to... Read more

    Affected Products : xxl-job
    • Published: Aug. 20, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-9264

    A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument I... Read more

    Affected Products : xxl-job
    • Published: Aug. 21, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-52194

    A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, l... Read more

    Affected Products : libsndfile
    • Published: Aug. 21, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-6021

    A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.... Read more

    • Published: Jun. 12, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-50518

    A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possi... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-47184

    An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a craf... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: XML External Entity
Showing 20 of 294071 Results