Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-23312

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escala... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23313

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of p... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-8424

    Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-55443

    Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these log... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-39335

    Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration -> Groups -> Submissions.... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-25737

    Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User accounts, allowing attackers to bypass authentication via a... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-49035

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups allows Stored XSS.This issue affects Admin Menu Groups: from n/a through 0.1.2.... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-45753

    In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute.... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-7762

    The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes... Read more

    Affected Products : simple_job_board
    • Published: May. 15, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-1286

    The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.... Read more

    Affected Products : paid_memberships_pro
    • Published: Jul. 30, 2024
    • Modified: Aug. 29, 2025

  • 8.0

    HIGH
    CVE-2023-34488

    NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.... Read more

    Affected Products : nanomq
    • EPSS Score: %0.09
    • Published: Jun. 12, 2023
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-30258

    Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.... Read more

    Affected Products : magnusbilling
    • EPSS Score: %93.51
    • Published: Jun. 23, 2023
    • Modified: Aug. 29, 2025

  • 6.1

    MEDIUM
    CVE-2018-18307

    A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a passwo... Read more

    Affected Products : alchemy_cms
    • EPSS Score: %0.41
    • Published: Oct. 16, 2018
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8097

    The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code ... Read more

    Affected Products : x_server xorg-server x11
    • EPSS Score: %1.30
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8093

    Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly ex... Read more

    Affected Products : x_server xorg-server x11 xfree86
    • EPSS Score: %1.30
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8094

    Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary... Read more

    • EPSS Score: %1.04
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8095

    The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code... Read more

    Affected Products : debian_linux x_server xorg-server x11
    • EPSS Score: %2.30
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2014-8103

    X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) s... Read more

    Affected Products : x_server xorg-server
    • EPSS Score: %14.45
    • Published: Dec. 10, 2014
    • Modified: Aug. 29, 2025

  • 3.6

    LOW
    CVE-2015-3164

    The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.... Read more

    Affected Products : opensuse x_server xorg-server
    • EPSS Score: %0.06
    • Published: Jul. 01, 2015
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2017-10972

    Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.... Read more

    Affected Products : x_server xorg-server
    • EPSS Score: %0.56
    • Published: Jul. 06, 2017
    • Modified: Aug. 29, 2025
Showing 20 of 292650 Results