Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-8814

    A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack ma... Read more

    Affected Products : pybbs
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-3733

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.... Read more

    Affected Products : baguettebox.js
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-3734

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Stage File Proxy allows Flooding.This issue affects Stage File Proxy: from 0.0.0 before 3.1.5.... Read more

    Affected Products : stage_file_proxy
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 5.9

    MEDIUM
    CVE-2025-3735

    Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*.... Read more

    Affected Products : panelizer_\(obsolete\)
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3736

    Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*.... Read more

    Affected Products : simple_gtm
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3737

    Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*.... Read more

    Affected Products : _store_locator_project
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-33663

    python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.... Read more

    Affected Products : python-jose
    • Published: Apr. 26, 2024
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3738

    Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*.... Read more

    Affected Products : google_optimize
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 7.3

    HIGH
    CVE-2025-3903

    Vulnerability in Drupal UEditor - 百度编辑器.This issue affects UEditor - 百度编辑器: *.*.... Read more

    Affected Products : ueditor
    • Published: Apr. 23, 2025
    • Modified: Sep. 02, 2025

  • 7.3

    HIGH
    CVE-2025-3904

    Vulnerability in Drupal Sportsleague.This issue affects Sportsleague: *.*.... Read more

    Affected Products : sportsleague
    • Published: Apr. 23, 2025
    • Modified: Sep. 02, 2025

  • 4.3

    MEDIUM
    CVE-2025-3907

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9.... Read more

    Affected Products : search_api_solr
    • Published: Apr. 23, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-52888

    For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.... Read more

    • Published: Apr. 27, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-52887

    Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.... Read more

    • Published: Apr. 27, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-33664

    python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.... Read more

    Affected Products : python-jose
    • Published: Apr. 26, 2024
    • Modified: Sep. 02, 2025

  • 8.1

    HIGH
    CVE-2025-31689

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2.... Read more

    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-31690

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1.... Read more

    Affected Products : drupal cache_utility
    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-31691

    Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0.... Read more

    Affected Products : drupal oauth2_server
    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-31694

    Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.... Read more

    Affected Products : drupal two-factor_authentication
    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-31695

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS).This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0.... Read more

    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-31696

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS).This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1.... Read more

    Affected Products : drupal rapidoc_oas_field_formatter
    • Published: Mar. 31, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293331 Results