Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2017-20199

    A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed f...

    Affected Products : buttercup
    • Published: Aug. 16, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-6981

    An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. Th...

    Affected Products : enterprise_server
    • Published: Jul. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-27920

    Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configur...

    Affected Products : output_messenger
    • Actively Exploited
    • Published: May. 05, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-54068

    Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property upda...

    Affected Products : livewire
    • Published: Jul. 17, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-6107

    Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps....

    Affected Products : metal_as_a_service
    • Published: Jul. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2024-43093

    In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no a...

    Affected Products : android
    • Actively Exploited
    • Published: Nov. 13, 2024
    • Modified: Aug. 27, 2025
  • 9.8

    CRITICAL
    CVE-2025-7775

    Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ...

    • Actively Exploited
    • Published: Aug. 26, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2025-7392

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS). This issue affects Cookies Addons: from 1.0.0 before 1.2.4....

    Affected Products : cookies_addons
    • Published: Jul. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-7393

    Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force. This issue affects Mail Login: from 3.0.0 before 3.2.0, from 4.0.0 before 4.2.0....

    Affected Products : mail_login
    • Published: Jul. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2024-52885

    The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on...

    • Published: Aug. 06, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2025-5692

    The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/includes/LB_admin_ajax.php file in all versions up to, and including, 3.1. This makes it possibl...

    Affected Products : lead_form_data_collection_to_crm
    • Published: Jul. 02, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-2028

    Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...

    Affected Products : log_server
    • Published: Aug. 06, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Misconfiguration
  • 8.6

    HIGH
    CVE-2025-54878

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow v...

    Affected Products : cryptolib
    • Published: Aug. 11, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-52566

    llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior i...

    Affected Products : llama.cpp
    • Published: Jun. 24, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-49847

    llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cp...

    Affected Products : llama.cpp llama.cpp
    • Published: Jun. 17, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption
  • 6.8

    MEDIUM
    CVE-2025-52559

    Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-sit...

    Affected Products : zulip zulip_server
    • Published: Jul. 02, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-25202

    Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy _or_ are manually revoking token...

    Affected Products : ash_authentication
    • Published: Feb. 11, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 8.1

    HIGH
    CVE-2025-2594

    The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target a...

    • Published: Apr. 22, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2025-0466

    The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information....

    Affected Products : sensei_lms
    • Published: Feb. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure
  • 4.8

    MEDIUM
    CVE-2024-8983

    Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...

    Affected Products : custom_twitter_feeds
    • Published: Oct. 08, 2024
    • Modified: Aug. 27, 2025
Showing 20 of 292316 Results