Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2023-48082

    Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate....

    Affected Products : nagios_xi
    • Published: Oct. 14, 2024
    • Modified: Jul. 10, 2025
  • 5.4

    MEDIUM
    CVE-2025-27094

    Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribu...

    Affected Products : tuleap
    • Published: Mar. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration
  • 4.8

    MEDIUM
    CVE-2025-27099

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timefr...

    Affected Products : tuleap
    • Published: Mar. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2024-10593

    The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validat...

    Affected Products : wpforms
    • Published: Nov. 13, 2024
    • Modified: Jul. 10, 2025
  • 6.6

    MEDIUM
    CVE-2023-35701

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client)...

    Affected Products : hive
    • Published: May. 03, 2024
    • Modified: Jul. 10, 2025
  • 6.8

    MEDIUM
    CVE-2021-3740

    A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorize...

    Affected Products : chatwoot
    • Published: Nov. 15, 2024
    • Modified: Jul. 10, 2025
  • 7.5

    HIGH
    CVE-2025-5897

    A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation ...

    Affected Products : vue_cli
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 9.1

    CRITICAL
    CVE-2024-34365

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommende...

    Affected Products : karaf_cave
    • Published: May. 14, 2024
    • Modified: Jul. 10, 2025
  • 7.5

    HIGH
    CVE-2025-5896

    A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complex...

    Affected Products : taro
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-5895

    A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to...

    Affected Products : metabase
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-5892

    A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line lea...

    Affected Products : rocket.chat
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2025-5891

    A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remo...

    Affected Products : pm2
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-4321

    A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during th...

    Affected Products : chuanhuchatgpt
    • Published: May. 16, 2024
    • Modified: Jul. 10, 2025
  • 5.4

    MEDIUM
    CVE-2025-5887

    A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site script...

    Affected Products : webstack-guns
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-32725

    Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network....

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-33050

    Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network....

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-32724

    Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network....

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2025-33052

    Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally....

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
  • 4.9

    MEDIUM
    CVE-2024-4284

    A vulnerability in mintplex-labs/anything-llm allows for a denial of service (DoS) condition through the modification of a user's `id` attribute to a value of 0. This issue affects the current version of the software, with the latest commit id `57984fa85c...

    Affected Products : anythingllm
    • Published: May. 19, 2024
    • Modified: Jul. 10, 2025
  • 6.4

    MEDIUM
    CVE-2024-10172

    The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's void_wbwhmcse_laouts_search shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and out...

    • Published: Nov. 21, 2024
    • Modified: Jul. 10, 2025
Showing 20 of 291419 Results