Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-7969

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-... Read more

    Affected Products : markdown-it
    • Published: Aug. 21, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-27696

    Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to ver... Read more

    Affected Products : superset
    • Published: May. 13, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-7221

    A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. This affects an unknown part of the file /admin/manage_user.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. ... Read more

    • Published: Jul. 30, 2024
    • Modified: Sep. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-7220

    A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/print_barcode.php. The manipulation of the argument tbl results in sql injection. It is possibl... Read more

    • Published: Jul. 30, 2024
    • Modified: Sep. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-7219

    A vulnerability has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql inject... Read more

    • Published: Jul. 30, 2024
    • Modified: Sep. 01, 2025

  • 6.1

    MEDIUM
    CVE-2024-7218

    A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the argument Name can lead to cross site scripting. The attack m... Read more

    • Published: Jul. 30, 2024
    • Modified: Sep. 01, 2025

  • 6.1

    MEDIUM
    CVE-2024-45031

    When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads cou... Read more

    Affected Products : syncope
    • Published: Oct. 24, 2024
    • Modified: Sep. 01, 2025

  • 8.6

    HIGH
    CVE-2024-37358

    Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version... Read more

    Affected Products : james james_server
    • Published: Feb. 06, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2024-9143

    Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even ... Read more

    Affected Products : openssl
    • Published: Oct. 16, 2024
    • Modified: Sep. 01, 2025

  • 9.1

    CRITICAL
    CVE-2024-5535

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequence... Read more

    Affected Products : openssl
    • Published: Jun. 27, 2024
    • Modified: Sep. 01, 2025

  • 5.9

    MEDIUM
    CVE-2024-13987

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-o... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-7345

    A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding... Read more

    • Published: Jul. 08, 2025
    • Modified: Aug. 30, 2025
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2023-6270

    A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access ... Read more

    Affected Products : linux_kernel fedora debian_linux
    • Published: Jan. 04, 2024
    • Modified: Aug. 30, 2025

  • 5.9

    MEDIUM
    CVE-2025-9341

    Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive A... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 22, 2025
    • Modified: Aug. 30, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-49405

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4.... Read more

    Affected Products : houzez
    • Published: Aug. 28, 2025
    • Modified: Aug. 30, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-5141

    A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix ... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-9945

    An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders.... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Published: Dec. 13, 2024
    • Modified: Aug. 29, 2025

  • 8.8

    HIGH
    CVE-2024-9054

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue... Read more

    • Published: Oct. 04, 2024
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-7490

    Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program rou... Read more

    Affected Products : advanced_software_framework
    • Published: Aug. 08, 2024
    • Modified: Aug. 29, 2025

  • 8.4

    HIGH
    CVE-2024-6769

    A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a ... Read more

    • Published: Sep. 26, 2024
    • Modified: Aug. 29, 2025
Showing 20 of 293280 Results