Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-52094

    Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allows a local attacker to execute arbtirary code via the \HKLM\SYSTEM\Setup\SmartDeploy component... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-52085

    An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but no... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-51092

    The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn() and signUp() build queries by directly concatenating user input and unvalidated table names without... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-50900

    An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-de... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-50859

    Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-50858

    Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-50733

    NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because ... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-29366

    In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-53494

    Incorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to access sensitive components without authentication.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-50644

    zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-48949

    Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw... Read more

    Affected Products : navidrome
    • Published: May. 30, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8226

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is pos... Read more

    Affected Products : chancms chancms
    • Published: Jul. 27, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-8227

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization.... Read more

    Affected Products : chancms chancms
    • Published: Jul. 27, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8228

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forger... Read more

    Affected Products : chancms chancms
    • Published: Jul. 27, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-54879

    Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-limiting system ha... Read more

    Affected Products : mastodon
    • Published: Aug. 06, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-7824

    A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit h... Read more

    Affected Products : jinher_oa
    • Published: Jul. 19, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity

  • 5.5

    MEDIUM
    CVE-2025-57704

    Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability.... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity

  • 6.9

    MEDIUM
    CVE-2025-57804

    h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers down... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-53419

    Delta Electronics COMMGR has Code Injection vulnerability.... Read more

    Affected Products : commgr
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-8700

    Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memor... Read more

    Affected Products :
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293249 Results