Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-9423

    A vulnerability was determined in Campcodes Online Water Billing System 1.0. Affected is an unknown function of the file /editecex.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit h... Read more

    Affected Products : online_water_billing_system
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-9422

    A vulnerability was found in oitcode samarium up to 0.9.6. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-9421

    A vulnerability has been found in itsourcecode Apartment Management System 1.0. This affects an unknown function of the file /complain/addcomplain.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The e... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-9420

    A flaw has been found in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of the argument hdnid can lead to sql injection. The attack can be launched remotely... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-9356

    A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing ma... Read more

    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-9137

    A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been discl... Read more

    Affected Products : scada-lts
    • Published: Aug. 19, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-54336

    In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 (such as the 0e0 string). This occurs in adm... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-50674

    An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2024-45271

    An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.... Read more

    • Published: Oct. 15, 2024
    • Modified: Aug. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-2530

    A privilege escalation allowing remote code execution was discovered in the orchestration service.... Read more

    Affected Products : puppet_enterprise
    • EPSS Score: %3.12
    • Published: Jun. 07, 2023
    • Modified: Aug. 26, 2025

  • 6.8

    MEDIUM
    CVE-2018-10631

    The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary exec... Read more

    • EPSS Score: %0.15
    • Published: Jul. 13, 2018
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-37302

    Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is ... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 5.3

    MEDIUM
    CVE-2024-37303

    Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then al... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 8.2

    HIGH
    CVE-2024-52805

    Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify de... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 8.7

    HIGH
    CVE-2024-52815

    Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 9.1

    CRITICAL
    CVE-2024-53863

    Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially in... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 9.1

    CRITICAL
    CVE-2025-30159

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name ... Read more

    Affected Products : kirby
    • Published: May. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-43300

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in... Read more

    Affected Products : macos iphone_os ipados
    • Actively Exploited
    • Published: Aug. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2025-48384

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF... Read more

    Affected Products : git git
    • Actively Exploited
    • Published: Jul. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-30207

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other... Read more

    Affected Products : kirby
    • Published: May. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291891 Results