Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-54525

    Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body....

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 5.0

    MEDIUM
    CVE-2025-54458

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint....

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 3.7

    LOW
    CVE-2025-53857

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions e...

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 3.7

    LOW
    CVE-2025-49221

    Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details via API call to GET subscription endpoint....

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 7.2

    HIGH
    CVE-2025-44004

    Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoi...

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 5.4

    MEDIUM
    CVE-2025-25229

    Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources....

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 6.1

    MEDIUM
    CVE-2025-42942

    SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon succ...

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
  • 5.4

    MEDIUM
    CVE-2025-42936

    The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privile...

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
  • 9.8

    CRITICAL
    CVE-2025-30184

    CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path....

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
  • 7.5

    HIGH
    CVE-2025-30507

    CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections....

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
  • 9.8

    CRITICAL
    CVE-2025-30515

    CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system....

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
  • 8.7

    HIGH
    CVE-2025-30183

    CyberData 011209 Intercom does not properly store or protect web server admin credentials....

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
  • 5.3

    MEDIUM
    CVE-2025-8851

    A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is requir...

    Affected Products : libtiff
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 5.1

    MEDIUM
    CVE-2025-8847

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be ...

    Affected Products : ruoyi
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 5.3

    MEDIUM
    CVE-2025-8845

    A vulnerability was identified in NASM Netwide Assembler 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit ha...

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 4.8

    MEDIUM
    CVE-2025-8836

    A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be app...

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 4.8

    MEDIUM
    CVE-2025-8835

    A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer der...

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 6.5

    MEDIUM
    CVE-2025-8829

    A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os comma...

    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
  • 5.1

    MEDIUM
    CVE-2025-8743

    A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /data_source_edit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cros...

    Affected Products : scada-lts
    • Published: Aug. 08, 2025
    • Modified: Aug. 12, 2025
  • 4.2

    MEDIUM
    CVE-2025-55013

    The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the se...

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025