Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-8343

    A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the ...

    Affected Products : shio
    • Published: Jul. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2024-27286

    Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, ...

    Affected Products : zulip zulip_server
    • Published: Mar. 20, 2024
    • Modified: Sep. 03, 2025
  • 8.8

    HIGH
    CVE-2020-24363

    TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrati...

    Affected Products : tl-wa855re_firmware tl-wa855re
    • Actively Exploited
    • Published: Aug. 31, 2020
    • Modified: Sep. 03, 2025
  • 9.8

    CRITICAL
    CVE-2025-8344

    A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument file...

    Affected Products : shio
    • Published: Jul. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 0.0

    NA
    CVE-2025-37744

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_pci_remove() Kmemleak reported this error: unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (a...

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption
  • 9.3

    CRITICAL
    CVE-2025-54792

    LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discover...

    Affected Products : localsend
    • Published: Aug. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 8.0

    HIGH
    CVE-2025-55177

    Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from...

    Affected Products : whatsapp whatsapp_business
    • Actively Exploited
    • Published: Aug. 29, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
  • 5.5

    MEDIUM
    CVE-2025-8546

    A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the ...

    Affected Products : pybbs
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-57760

    Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create ...

    Affected Products : langflow
    • Published: Aug. 25, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2022-34112

    An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator....

    Affected Products : dataease dataease
    • Published: Jul. 22, 2022
    • Modified: Sep. 03, 2025
  • 8.8

    HIGH
    CVE-2022-34114

    Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId....

    Affected Products : dataease dataease
    • Published: Jul. 22, 2022
    • Modified: Sep. 03, 2025
  • 9.8

    CRITICAL
    CVE-2022-34115

    DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId....

    Affected Products : dataease dataease
    • Published: Jul. 22, 2022
    • Modified: Sep. 03, 2025
  • 9.8

    CRITICAL
    CVE-2025-57773

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writi...

    Affected Products : dataease
    • Published: Aug. 25, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection
  • 5.5

    MEDIUM
    CVE-2025-8547

    A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remote...

    Affected Products : pybbs
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-57772

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is an H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl ...

    Affected Products : dataease
    • Published: Aug. 25, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 6.3

    MEDIUM
    CVE-2025-8548

    A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. ...

    Affected Products : pybbs
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure
  • 6.3

    MEDIUM
    CVE-2025-8549

    A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requiremen...

    Affected Products : pybbs
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 9.1

    CRITICAL
    CVE-2025-53882

    A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE mailman3 package allows the mailman user to send SIGHUP to arbitrary processes. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2....

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
  • 6.9

    MEDIUM
    CVE-2025-46809

    A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8...

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure
  • 8.1

    HIGH
    CVE-2024-5657

    The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP....

    Affected Products : two-factor_authentication
    • Published: Jun. 06, 2024
    • Modified: Sep. 03, 2025
Showing 20 of 293509 Results