Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-45872

    zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.... Read more

    Affected Products : zrlog
    • Published: Jul. 01, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-53632

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authen... Read more

    Affected Products : chall-manager
    • Published: Jul. 10, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-53633

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does no... Read more

    Affected Products : chall-manager
    • Published: Jul. 10, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-53634

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not requi... Read more

    Affected Products : chall-manager
    • Published: Jul. 10, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-53643

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version... Read more

    Affected Products : aiohttp
    • Published: Jul. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-53925

    Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authe... Read more

    Affected Products : emlog
    • Published: Jul. 16, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-53926

    Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requir... Read more

    Affected Products : emlog
    • Published: Jul. 16, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-6485

    A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. ... Read more

    • Published: Jun. 22, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-48387

    tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a wor... Read more

    Affected Products : npm tar-fs
    • Published: Jun. 02, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-54786

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated ... Read more

    Affected Products : suitecrm
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-54788

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can ... Read more

    Affected Products : suitecrm
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-52680

    EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.... Read more

    Affected Products : eyoucms
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-50952

    openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.... Read more

    Affected Products : openjpeg
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2024-56339

    IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.6

    MEDIUM
    CVE-2025-44779

    An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.... Read more

    Affected Products : ollama
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-7054

    Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/d... Read more

    Affected Products : quiche
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-50692

    FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.... Read more

    Affected Products : foxcms
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-48913

    If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users ... Read more

    Affected Products : cxf
    • Published: Aug. 08, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2023-38264

    The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deser... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-43040

    IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.... Read more

    Affected Products : storage_fusion_hci
    • Published: May. 14, 2024
    • Modified: Aug. 14, 2025
Showing 20 of 292495 Results