Latest CVE Feed
-
5.3
MEDIUM CVE-2025-9135
A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer and BusBahnBim up to 12.1.1(258). The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android applicati...
- Affected Products:
- Published: Aug. 19, 2025
- Modified: Aug. 22, 2025
-
7.1
HIGH CVE-2025-49142
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed...
- Affected Products: nautobot
- Published: Jun. 10, 2025
- Modified: Aug. 21, 2025
-
6.3
MEDIUM CVE-2025-49143
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or R...
- Affected Products: nautobot
- Published: Jun. 10, 2025
- Modified: Aug. 21, 2025
-
9.8
CRITICAL CVE-2025-27151
Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file pa...
- Affected Products: redis
- Published: May. 29, 2025
- Modified: Aug. 21, 2025
-
7.1
HIGH CVE-2025-7365
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability a...
- Published: Jul. 10, 2025
- Modified: Aug. 21, 2025
-
7.5
HIGH CVE-2024-38866
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection...
- Affected Products: nagvis
- Published: May. 27, 2025
- Modified: Aug. 21, 2025
-
6.1
MEDIUM CVE-2024-47090
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS...
- Affected Products: nagvis
- Published: May. 27, 2025
- Modified: Aug. 21, 2025
-
4.6
MEDIUM CVE-2025-29766
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into sub...
- Affected Products: tuleap
- Published: Mar. 31, 2025
- Modified: Aug. 21, 2025
-
4.6
MEDIUM CVE-2025-29929
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing ar...
- Affected Products: tuleap
- Published: Mar. 31, 2025
- Modified: Aug. 21, 2025
-
4.3
MEDIUM CVE-2025-30155
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tu...
- Affected Products: tuleap
- Published: Mar. 31, 2025
- Modified: Aug. 21, 2025
-
4.8
MEDIUM CVE-2025-30203
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS fee...
- Affected Products: tuleap
- Published: Mar. 31, 2025
- Modified: Aug. 21, 2025
-
5.3
MEDIUM CVE-2025-30209
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Com...
- Affected Products: tuleap
- Published: Mar. 31, 2025
- Modified: Aug. 21, 2025
-
8.8
HIGH CVE-2024-38865
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact g...
- Published: Apr. 10, 2025
- Modified: Aug. 21, 2025
-
7.6
HIGH CVE-2024-57176
An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL....
- Affected Products: white-jotter
- Published: Feb. 21, 2025
- Modified: Aug. 21, 2025
-
6.9
MEDIUM CVE-2025-2245
A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitiz...
- Published: Apr. 04, 2025
- Modified: Aug. 21, 2025
-
9.1
CRITICAL CVE-2025-55282
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a ...
- Affected Products: aiven-db-migrate
- Published: Aug. 18, 2025
- Modified: Aug. 21, 2025
-
9.1
CRITICAL CVE-2025-55283
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems ...
- Affected Products: aiven-db-migrate
- Published: Aug. 18, 2025
- Modified: Aug. 21, 2025
-
4.9
MEDIUM CVE-2025-51510
MoonShine was discovered to contain a SQL injection vulnerability under the Blog -> Categories page when using the moonshine-tree-resource (version < 2.0.2) component....
- Affected Products: moonshine
- Published: Aug. 19, 2025
- Modified: Aug. 21, 2025
-
5.4
MEDIUM CVE-2025-53631
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post...
- Affected Products: flaskblog
- Published: Aug. 14, 2025
- Modified: Aug. 21, 2025
-
6.5
MEDIUM CVE-2025-55198
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuri...
- Affected Products: helm
- Published: Aug. 14, 2025
- Modified: Aug. 21, 2025