Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-9765

    A vulnerability has been found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/tournament_details.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched rem... Read more

    Affected Products : sports_management_system
    • Published: Sep. 01, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-4600

    A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue ... Read more

    Affected Products : application_load_balancer
    • Published: May. 16, 2025
    • Modified: Sep. 08, 2025

  • 7.8

    HIGH
    CVE-2025-2713

    Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with ro... Read more

    Affected Products : gvisor
    • Published: Mar. 28, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2024-7254

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownField... Read more

    • Published: Sep. 19, 2024
    • Modified: Sep. 08, 2025

  • 7.3

    HIGH
    CVE-2024-6284

    In https://github.com/google/nftables  IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects:  https://pkg.go.dev/gi... Read more

    Affected Products : nftables
    • Published: Jul. 03, 2024
    • Modified: Sep. 08, 2025

  • 3.3

    LOW
    CVE-2024-5899

    When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls Project... Read more

    • Published: Jun. 18, 2024
    • Modified: Sep. 08, 2025

  • 6.9

    MEDIUM
    CVE-2024-3036

    Improper Input Validation vulnerability in ABB 800xA Base. An attacker who successfully exploited this vulnerability could cause services to crash by sending specifically crafted messages. This issue affects 800xA Base: from 6.0.0 through 6.1.1-2.... Read more

    Affected Products : 800xa_base_system
    • Published: Jun. 21, 2024
    • Modified: Sep. 08, 2025

  • 10.0

    CRITICAL
    CVE-2024-25100

    Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4.... Read more

    Affected Products : coupon_referral_program
    • Published: Feb. 12, 2024
    • Modified: Sep. 08, 2025

  • 3.6

    LOW
    CVE-2025-55188

    7-Zip before 25.01 does not always properly handle symbolic links during extraction.... Read more

    Affected Products : 7-zip
    • Published: Aug. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2024-12564

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can a... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Sep. 08, 2025

  • 8.8

    HIGH
    CVE-2025-3067

    Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity:... Read more

    Affected Products : android chrome edge_chromium
    • Published: Apr. 02, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 3.9

    LOW
    CVE-2025-1939

    Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability aff... Read more

    Affected Products : firefox
    • Published: Mar. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-53149

    Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2014-9200

    Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP C... Read more

    Affected Products : somachine unity_pro somove somove_lite
    • Published: Feb. 01, 2015
    • Modified: Sep. 05, 2025

  • 10.0

    HIGH
    CVE-2014-9199

    The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.... Read more

    Affected Products : java_web_client
    • Published: Jan. 17, 2015
    • Modified: Sep. 05, 2025

  • 10.0

    HIGH
    CVE-2014-9198

    The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.... Read more

    • Published: Jan. 27, 2015
    • Modified: Sep. 05, 2025

  • 10.0

    HIGH
    CVE-2014-9197

    The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct r... Read more

    • Published: Jan. 27, 2015
    • Modified: Sep. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-53272

    Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` function in `RegisterLoginReset.vue` contains two reflected XSS vulnerabilities due to an incorrec... Read more

    Affected Products : habitica
    • Published: Dec. 12, 2024
    • Modified: Sep. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-53273

    Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization funct... Read more

    Affected Products : habitica
    • Published: Dec. 12, 2024
    • Modified: Sep. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-53274

    Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacke... Read more

    Affected Products : habitica
    • Published: Dec. 12, 2024
    • Modified: Sep. 05, 2025
Showing 20 of 293355 Results