Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-54336

    In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can log in with any other string that evaluates to 0.0 (such as the 0e0 string). This occurs in adm...

    • Published: Aug. 19, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2025-50674

    An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root....

    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 8.4

    HIGH
    CVE-2024-45271

    An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation....

    • Published: Oct. 15, 2024
    • Modified: Aug. 26, 2025
  • 9.8

    CRITICAL
    CVE-2023-2530

    A privilege escalation allowing remote code execution was discovered in the orchestration service....

    Affected Products : puppet_enterprise
    • Published: Jun. 07, 2023
    • Modified: Aug. 26, 2025
  • 6.8

    MEDIUM
    CVE-2018-10631

    The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary exec...

    • Published: Jul. 13, 2018
    • Modified: Aug. 26, 2025
  • 7.5

    HIGH
    CVE-2024-37302

    Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is ...

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025
  • 5.3

    MEDIUM
    CVE-2024-37303

    Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then al...

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025
  • 8.2

    HIGH
    CVE-2024-52805

    Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify de...

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025
  • 8.7

    HIGH
    CVE-2024-52815

    Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync...

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025
  • 9.1

    CRITICAL
    CVE-2024-53863

    Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially in...

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025
  • 9.1

    CRITICAL
    CVE-2025-30159

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name ...

    Affected Products : kirby
    • Published: May. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2025-43300

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in...

    Affected Products : macos iphone_os ipados
    • Actively Exploited
    • Published: Aug. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption
  • 8.0

    HIGH
    CVE-2025-48384

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF...

    Affected Products : git git
    • Actively Exploited
    • Published: Jul. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-30207

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other...

    Affected Products : kirby
    • Published: May. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2024-8069

    Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server...

    Affected Products : session_recording
    • Actively Exploited
    • Published: Nov. 12, 2024
    • Modified: Aug. 26, 2025
  • 7.5

    HIGH
    CVE-2022-48625

    Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary....

    • Published: Feb. 20, 2024
    • Modified: Aug. 26, 2025
  • 9.1

    CRITICAL
    CVE-2025-31493

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a coll...

    Affected Products : kirby
    • Published: May. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal
  • 3.5

    LOW
    CVE-2025-48376

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version...

    Affected Products : dotnetnuke
    • Published: May. 23, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 6.0

    MEDIUM
    CVE-2025-48377

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module action...

    Affected Products : dotnetnuke
    • Published: May. 23, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-48378

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9....

    Affected Products : dotnetnuke
    • Published: May. 23, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293262 Results