Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-1278

    An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.... Read more

    Affected Products : gitlab
    • Published: May. 09, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-2254

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks.... Read more

    Affected Products : gitlab
    • Published: Jun. 12, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-1516

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service.... Read more

    Affected Products : gitlab
    • Published: Jun. 12, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-1478

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.... Read more

    Affected Products : gitlab
    • Published: Jun. 12, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-1763

    An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before ... Read more

    Affected Products : gitlab
    • Published: May. 30, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2023-44437

    Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this... Read more

    Affected Products : cobalt
    • Published: May. 03, 2024
    • Modified: Aug. 08, 2025

  • 7.5

    HIGH
    CVE-2024-3717

    The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it... Read more

    • Published: May. 02, 2024
    • Modified: Aug. 08, 2025

  • 7.7

    HIGH
    CVE-2025-4439

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served thro... Read more

    Affected Products : gitlab
    • Published: Jul. 23, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-4700

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content... Read more

    Affected Products : gitlab
    • Published: Jul. 23, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2024-1180

    TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploi... Read more

    Affected Products : omada_er605_firmware omada_er605
    • Published: Apr. 03, 2024
    • Modified: Aug. 08, 2025

  • 4.3

    MEDIUM
    CVE-2025-0765

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses.... Read more

    Affected Products : gitlab
    • Published: Jul. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2024-30364

    Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-30365

    Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in... Read more

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-30367

    Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025

  • 7.8

    HIGH
    CVE-2024-30371

    Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025

  • 7.5

    HIGH
    CVE-2024-9163

    A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.... Read more

    Affected Products : gitlab
    • Published: May. 23, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-30322

    Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Apr. 03, 2024
    • Modified: Aug. 08, 2025

  • 4.3

    MEDIUM
    CVE-2025-8577

    Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium... Read more

    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-8579

    Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-8580

    Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291400 Results