Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2023-45648

    Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafte... Read more

    Affected Products : debian_linux tomcat
    • EPSS Score: %0.54
    • Published: Oct. 10, 2023
    • Modified: Aug. 07, 2025

  • 5.3

    MEDIUM
    CVE-2023-42795

    Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause... Read more

    Affected Products : debian_linux tomcat
    • EPSS Score: %0.51
    • Published: Oct. 10, 2023
    • Modified: Aug. 07, 2025

  • 6.1

    MEDIUM
    CVE-2023-41080

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0... Read more

    Affected Products : debian_linux tomcat
    • EPSS Score: %11.12
    • Published: Aug. 25, 2023
    • Modified: Aug. 07, 2025

  • 4.3

    MEDIUM
    CVE-2023-28708

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and ... Read more

    Affected Products : tomcat
    • EPSS Score: %0.15
    • Published: Mar. 22, 2023
    • Modified: Aug. 07, 2025

  • 6.5

    MEDIUM
    CVE-2025-40918

    Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography

  • 4.8

    MEDIUM
    CVE-2025-4373

    A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.... Read more

    • Published: May. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-49796

    A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial... Read more

    • Published: Jun. 16, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-49794

    A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious ... Read more

    • Published: Jun. 16, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-50286

    A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary P... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-50484

    Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.... Read more

    Affected Products : small_crm
    • Published: Jul. 28, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-45893

    OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a m... Read more

    Affected Products : opencart
    • Published: Jul. 25, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-51398

    A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-51403

    A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-51401

    A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-51400

    A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-51397

    A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-51396

    A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2025-49087

    In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Jul. 20, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-47917

    Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The do... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Jul. 20, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-48965

    Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Jul. 20, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291737 Results