Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2024-8810

    A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vu... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Aug. 27, 2025

  • 9.1

    CRITICAL
    CVE-2024-10007

    A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to ... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-10824

    An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization ... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2025-7880

    A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is some unknown functionality of the file /business/common/sms/sendsms.jsp. The manipulation of the argument File leads to unrestricted uploa... Read more

    Affected Products : metacrm
    • Published: Jul. 20, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-8132

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. Th... Read more

    Affected Products : chancms chancms
    • Published: Jul. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-8133

    A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery.... Read more

    Affected Products : chancms chancms
    • Published: Jul. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-8266

    A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to... Read more

    Affected Products : chancms chancms
    • Published: Jul. 28, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-8517

    A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-8518

    A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-8519

    A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to i... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.8

    MEDIUM
    CVE-2025-8520

    A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.0

    MEDIUM
    CVE-2025-8522

    A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to la... Read more

    Affected Products : vvvebjs
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-8521

    A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5. This issue affects some unknown processing of the file /vadmin123/index.php?module=settings/post-types of the component Add Type Handler. The manipulation le... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-41130

    llama.cpp provides LLM inference in C/C++. Prior to b3427, llama.cpp contains a null pointer dereference in gguf_init_from_file. This vulnerability is fixed in b3427.... Read more

    Affected Products : llama.cpp llama.cpp
    • Published: Jul. 22, 2024
    • Modified: Aug. 27, 2025

  • 5.9

    MEDIUM
    CVE-2024-6388

    Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.... Read more

    Affected Products : ubuntu_advantage_desktop_daemon
    • Published: Jun. 27, 2024
    • Modified: Aug. 27, 2025

  • 5.5

    MEDIUM
    CVE-2015-7313

    LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.... Read more

    Affected Products : libtiff
    • Published: Mar. 17, 2017
    • Modified: Aug. 27, 2025

  • 6.4

    MEDIUM
    CVE-2024-2165

    The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for a... Read more

    Affected Products : seopress
    • Published: Apr. 09, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-2125

    The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it po... Read more

    Affected Products : envialosimple
    • Published: Apr. 09, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2024-29169

    Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on t... Read more

    Affected Products : secure_connect_gateway
    • Published: Jun. 13, 2024
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2024-29152

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband so... Read more

    • Published: Jun. 04, 2024
    • Modified: Aug. 27, 2025
Showing 20 of 293329 Results