Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-41145

    A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious appl... Read more

    Affected Products : teams
    • Published: Dec. 18, 2024
    • Modified: Aug. 26, 2025

  • 5.3

    MEDIUM
    CVE-2025-8210

    A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper expor... Read more

    Affected Products : yeelight yeelight_classic
    • Published: Jul. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-9425

    A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The atta... Read more

    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-9424

    A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The a... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-9423

    A vulnerability was determined in Campcodes Online Water Billing System 1.0. Affected is an unknown function of the file /editecex.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit h... Read more

    Affected Products : online_water_billing_system
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-9422

    A vulnerability was found in oitcode samarium up to 0.9.6. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-9421

    A vulnerability has been found in itsourcecode Apartment Management System 1.0. This affects an unknown function of the file /complain/addcomplain.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The e... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-9420

    A flaw has been found in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of the argument hdnid can lead to sql injection. The attack can be launched remotely... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-9356

    A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing ma... Read more

    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-9137

    A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been discl... Read more

    Affected Products : scada-lts
    • Published: Aug. 19, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-54336

    In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 (such as the 0e0 string). This occurs in adm... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-50674

    An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2024-45271

    An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.... Read more

    • Published: Oct. 15, 2024
    • Modified: Aug. 26, 2025

  • 9.8

    CRITICAL
    CVE-2023-2530

    A privilege escalation allowing remote code execution was discovered in the orchestration service.... Read more

    Affected Products : puppet_enterprise
    • EPSS Score: %3.12
    • Published: Jun. 07, 2023
    • Modified: Aug. 26, 2025

  • 6.8

    MEDIUM
    CVE-2018-10631

    The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary exec... Read more

    • EPSS Score: %0.15
    • Published: Jul. 13, 2018
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-37302

    Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is ... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 5.3

    MEDIUM
    CVE-2024-37303

    Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then al... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 8.2

    HIGH
    CVE-2024-52805

    Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify de... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 8.7

    HIGH
    CVE-2024-52815

    Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 9.1

    CRITICAL
    CVE-2024-53863

    Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially in... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 291894 Results