Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2025-58443

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a... Read more

    Affected Products : fogproject
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-58371

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remot... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2024-49260

    Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.9

    CRITICAL
    CVE-2025-55190

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive... Read more

    Affected Products : argo-cd
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2024-39700

    JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their co... Read more

    Affected Products : jupyterlab
    • Published: Jul. 16, 2024
    • Modified: Sep. 04, 2025

  • 9.9

    CRITICAL
    CVE-2025-47284

    Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a use... Read more

    Affected Products : gardener
    • Published: May. 19, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-47283

    Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privil... Read more

    Affected Products : gardener
    • Published: May. 19, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2024-3980

    The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files t... Read more

    • Published: Aug. 27, 2024
    • Modified: Oct. 30, 2024

  • 9.9

    CRITICAL
    CVE-2024-24830

    OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated reg... Read more

    Affected Products : openobserve
    • Published: Feb. 08, 2024
    • Modified: Aug. 27, 2025

  • 9.9

    CRITICAL
    CVE-2025-58159

    WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames... Read more

    Affected Products : wegia
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-31100

    Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02-07-2025).... Read more

    Affected Products :
    • Published: Aug. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2020-17095

    Windows Hyper-V Remote Code Execution Vulnerability... Read more

    • Published: Dec. 10, 2020
    • Modified: Aug. 28, 2025

  • 9.9

    CRITICAL
    CVE-2025-58048

    Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction f... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2024-8436

    The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied param... Read more

    Affected Products : wp_easy_gallery
    • Published: Sep. 25, 2024
    • Modified: Aug. 27, 2025

  • 9.9

    CRITICAL
    CVE-2025-54049

    Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-5121

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.... Read more

    Affected Products : gitlab
    • Published: Jun. 20, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-53836

    XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro... Read more

    Affected Products : xwiki xwiki-rendering
    • Published: Jul. 15, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-53762

    Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : purview office_purview
    • Published: Jul. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-53213

    Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows Using Malicious Files. This issue affects ReachShip WooCommerce Multi-Carrier & Conditional Shipping: from n/a ... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-3498

    An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration. The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication
Showing 20 of 293186 Results