Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-8402

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature.... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-6465

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs.... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-57754

    eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-55521

    An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-8281

    The WP Talroo WordPress plugin through 2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin and unauthenticated users... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-55230

    Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 7.0

    HIGH
    CVE-2025-51989

    HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster module v235 allows an attacker to inject HTML tags into the "keresztnév" (firstname) field, which will be sent out in an email resulting in possible Phishing ... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-43756

    <!--td {border: 1px solid #cccccc;}br {mso-data-placement:same-cell;}-->A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.15, 2025.Q2.0 through 2025.Q2.2 and 2024.Q1.13 through ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-57755

    claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be expo... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-9310

    A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRental_war/druid/login.html of the component Druid. Executing manipulation can le... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2024-50641

    An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-52352

    Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functio... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-7051

    On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.... Read more

    Affected Products : n-central
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-38743

    Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevati... Read more

    Affected Products : emc_idrac_service_module
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2025-57751

    pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs(), re... Read more

    Affected Products : pyload
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 9.3

    CRITICAL
    CVE-2010-20112

    Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2010-20119

    CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly validate the lengt... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3128

    A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-54460

    The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2010-20108

    FTPPad <= 1.2.0 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long directory and filename, th... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291617 Results