Latest CVE Feed
- 6.4 MEDIUM CVE-2025-28168
  The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modi...
  - Affected Products: multiple_file_upload
  - Published: May. 05, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authentication
- 2.9 LOW CVE-2025-27400
  Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerabil...
  - Affected Products: magento
  - Published: Feb. 28, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Cross-Site Scripting
- 6.5 MEDIUM CVE-2025-26877
  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users allows Stored XSS. This issue affects Front End Users: from n/a through 3.2.30....
  - Affected Products: front_end_users
  - Published: Feb. 25, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Cross-Site Scripting
- 6.8 MEDIUM CVE-2025-26876
  Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8....
  - Affected Products: search_with_typesense
  - Published: Feb. 25, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Path Traversal
- 5.8 MEDIUM CVE-2025-26318
  hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application....
  - Affected Products: tsplus_remote_access
  - Published: Mar. 04, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Information Disclosure
- 7.1 HIGH CVE-2025-23798
  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliott Robson Mass Messaging in BuddyPress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through 2.2.1....
  - Affected Products: buddypress
  - Published: Jan. 22, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Cross-Site Scripting
- 8.3 HIGH CVE-2025-22598
  WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the loca...
  - Affected Products: wegia
  - Published: Jan. 10, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Cross-Site Scripting
- 8.3 HIGH CVE-2025-22597
  WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the ...
  - Affected Products: wegia
  - Published: Jan. 10, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Cross-Site Scripting
- 6.5 MEDIUM CVE-2025-22532
  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nagy Sandor Simple Photo Sphere allows Stored XSS. This issue affects Simple Photo Sphere: from n/a through 0.0.10....
  - Affected Products:
  - Published: Jan. 07, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Cross-Site Scripting
- 6.5 MEDIUM CVE-2025-22531
  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M Bilal M Urdu Formatter – Shamil allows Stored XSS. This issue affects Urdu Formatter – Shamil: from n/a through 0.1....
  - Affected Products: urdu_formatter
  - Published: Jan. 07, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Cross-Site Scripting
- 7.5 HIGH CVE-2025-21614
  go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing ...
  - Affected Products: go-git
  - Published: Jan. 06, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Denial of Service
- 8.6 HIGH CVE-2025-21612
  TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2...
  - Affected Products:
  - Published: Jan. 06, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Cross-Site Scripting
- 7.5 HIGH CVE-2025-1546
  A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function log_operate_clear of the file /webui/modules/log/operate.mds. The manipulation of the...
  - Affected Products:
  - Published: Feb. 21, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Injection
- 8.6 HIGH CVE-2025-1403
  Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library....
  - Affected Products: qiskit
  - Published: Feb. 21, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Denial of Service
- 9.8 CRITICAL CVE-2025-1144
  School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials....
  - Affected Products:
  - Published: Feb. 11, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Information Disclosure
- 6.5 MEDIUM CVE-2025-0985
  IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user....
  - Affected Products: mq
  - Published: Feb. 28, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Information Disclosure
- 6.5 MEDIUM CVE-2025-0297
  A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated rem...
  - Published: Jan. 07, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Injection
- 6.4 MEDIUM CVE-2024-8267
  The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and includ...
  - Affected Products: radio_player
  - Published: Sep. 25, 2024
  - Modified: Aug. 26, 2025
- 4.9 MEDIUM CVE-2024-21058
  Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via ...
  - Published: Apr. 16, 2024
  - Modified: Aug. 26, 2025
- 5.1 MEDIUM CVE-2024-20945
  Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle Gr...
  - Published: Feb. 17, 2024
  - Modified: Aug. 26, 2025