Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2025-55727

    XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for a... Read more

    Affected Products : pro_macros
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-55728

    XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for ... Read more

    Affected Products : pro_macros
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-57060

    Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : g3_firmware g3
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-44594

    halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url.... Read more

    Affected Products : halo
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-5715

    A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. I... Read more

    Affected Products : signal
    • Published: Jun. 06, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-5806

    Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to... Read more

    Affected Products : gatling
    • Published: Jun. 06, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-30279

    An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerabi... Read more

    Affected Products : file_station
    • Published: Jun. 06, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-33031

    An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerabil... Read more

    Affected Products : file_station
    • Published: Jun. 06, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-33035

    A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerabilit... Read more

    Affected Products : file_station
    • Published: Jun. 06, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-43863

    vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password ... Read more

    Affected Products : vantage6
    • Published: Jun. 12, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-43866

    vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictabl... Read more

    Affected Products : vantage6
    • Published: Jun. 12, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2025-32427

    Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports ... Read more

    Affected Products : formie
    • Published: Apr. 11, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-32426

    Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal ... Read more

    Affected Products : formie
    • Published: Apr. 11, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-32027

    Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher.... Read more

    Affected Products : yii
    • Published: Apr. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-32391

    HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by ex... Read more

    Affected Products : hedgedoc
    • Published: Apr. 10, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-50154

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-34178

    In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticate... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-34177

    In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticate... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-34176

    In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file canno... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-34175

    In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticate... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 294690 Results