Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-52478

    n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML vi... Read more

    Affected Products : n8n
    • Published: Aug. 19, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-57749

    n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for sym... Read more

    Affected Products : n8n
    • Published: Aug. 20, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal

  • 6.6

    MEDIUM
    CVE-2024-13297

    Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X-* before 7.X-1.15.... Read more

    Affected Products : eloqua
    • Published: Jan. 09, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2024-13296

    Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1.... Read more

    Affected Products : mailjet
    • Published: Jan. 09, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-9297

    A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated rem... Read more

    Affected Products : i22_firmware i22
    • Published: Aug. 21, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4846

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MPUT Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The ex... Read more

    • Published: May. 18, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2012-10023

    A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The fla... Read more

    Affected Products : freefloat_ftp_server
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2012-10030

    FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, an... Read more

    Affected Products : freefloat_ftp_server
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-55564

    Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Aug. 21, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-25007

    Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-25006

    Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-53783

    Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-33051

    Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-55613

    Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter.... Read more

    Affected Products : o3 o3_firmware
    • Published: Aug. 22, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-8191

    A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site ... Read more

    Affected Products : mall
    • Published: Jul. 26, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8343

    A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the ... Read more

    Affected Products : shio
    • Published: Jul. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-27286

    Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, ... Read more

    Affected Products : zulip zulip_server
    • Published: Mar. 20, 2024
    • Modified: Sep. 03, 2025

  • 8.8

    HIGH
    CVE-2020-24363

    TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrati... Read more

    Affected Products : tl-wa855re_firmware tl-wa855re
    • Actively Exploited
    • Published: Aug. 31, 2020
    • Modified: Sep. 03, 2025

  • 9.8

    CRITICAL
    CVE-2025-8344

    A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument file... Read more

    Affected Products : shio
    • Published: Jul. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-37744

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_pci_remove() Kmemleak reported this error: unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (a... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292846 Results