Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-67507

    Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused in... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-67506

    PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it t... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-67502

    Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and us... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2025-67501

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php endpoint. The application fails to properly validate a... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Injection

  • 3.7

    LOW
    CVE-2025-67500

    Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a ... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.6

    MEDIUM
    CVE-2025-67499

    The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is c... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-64898

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized acces... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authentication

  • 5.6

    MEDIUM
    CVE-2025-64897

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potential... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 6.2

    MEDIUM
    CVE-2025-61823

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerabil... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: XML External Entity

  • 6.2

    MEDIUM
    CVE-2025-61822

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary location... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-61821

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access s... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: XML External Entity

  • 8.2

    HIGH
    CVE-2025-61813

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access s... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: XML External Entity

  • 8.4

    HIGH
    CVE-2025-61812

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction.... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-61811

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerabilit... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-61810

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vuln... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-61809

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthor... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-61808

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not requi... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-67485

    mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-67496

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application doe... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-67495

    ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirec... Read more

    Affected Products : zitadel
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3884 Results