Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2020-10650

    A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jnd...

    • EPSS Score: 5.16%
    • Published: Dec. 26, 2022
    • Modified: Aug. 19, 2025
  • 8.0

    HIGH
    CVE-2022-21661

    WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certai...

    Affected Products : fedora debian_linux wordpress
    • EPSS Score: 90.23%
    • Published: Jan. 06, 2022
    • Modified: Aug. 19, 2025
  • 7.8

    HIGH
    CVE-2025-6230

    A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands....

    Affected Products : vantage commercial_vantage
    • Published: Jul. 17, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection
  • 8.5

    HIGH
    CVE-2025-7848

    A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerabil...

    Affected Products : labview
    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-8927

    In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be con...

    Affected Products : php php-fpm
    • Published: Oct. 08, 2024
    • Modified: Aug. 19, 2025
  • 3.3

    LOW
    CVE-2024-9026

    In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 character...

    Affected Products : php php-fpm
    • Published: Oct. 08, 2024
    • Modified: Aug. 19, 2025
  • 8.8

    HIGH
    CVE-2024-8926

    In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 (https://github.com/advisories/GHSA-vxpp-6299-mxw3) may still be bypassed and...

    Affected Products : php php-fpm
    • Published: Oct. 08, 2024
    • Modified: Aug. 19, 2025
  • 5.3

    MEDIUM
    CVE-2024-8925

    In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to cont...

    Affected Products : php php-fpm
    • Published: Oct. 08, 2024
    • Modified: Aug. 19, 2025
  • 8.5

    HIGH
    CVE-2025-7361

    A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vul...

    Affected Products : windows labview
    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2025-5417

    An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, ca...

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-52392

    Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative acces...

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2025-2634

    Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This v...

    Affected Products : labview
    • Published: Jul. 23, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2025-2633

    Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially craf...

    Affected Products : labview
    • Published: Jul. 23, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2024-22315

    IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 are vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection....

    • Published: Jan. 28, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Misconfiguration
  • 8.5

    HIGH
    CVE-2025-7849

    A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This v...

    Affected Products : labview
    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2025-51501

    Reflected Cross-Site Scripting (XSS) in the id parameter of the live_edit.module_settings API endpoint in Microweber CMS 2.0 allows execution of arbitrary JavaScript....

    Affected Products : microweber cockpit
    • Published: Aug. 01, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-51502

    Reflected Cross-Site Scripting (XSS) in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users....

    Affected Products : microweber cockpit
    • Published: Aug. 01, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.6

    HIGH
    CVE-2025-51504

    Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS) in the /projects/profile, homepage endpoint via the last name field....

    Affected Products : microweber cockpit
    • Published: Aug. 01, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-32829

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remot...

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-32830

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to byp...

    Affected Products : telecontrol_server_basic
    • Published: Apr. 16, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Injection
Showing 20 of 292110 Results