Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-3572

    The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access... Read more

    Affected Products : scrapy
    • Published: Apr. 16, 2024
    • Modified: Jul. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-4784

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection.This issue affects Tourtella: before 26.05.2025.... Read more

    Affected Products : tourtella
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-45731

    A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending.... Read more

    Affected Products : 2fauth
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Race Condition

  • 4.3

    MEDIUM
    CVE-2025-7001

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resource_group information through the API which should hav... Read more

    Affected Products : gitlab
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-46171

    vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive memory, exhausting system resources and crashing... Read more

    Affected Products : vbulletin
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-54453

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-54452

    Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-54451

    Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-30065

    Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.... Read more

    Affected Products : parquet parquet_java
    • Published: Apr. 01, 2025
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2025-3891

    A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consis... Read more

    • Published: Apr. 29, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-4976

    An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses.... Read more

    Affected Products : gitlab
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-8044

    Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-8043

    Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141.... Read more

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025

  • 7.1

    HIGH
    CVE-2024-1456

    An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.... Read more

    Affected Products : h2o
    • Published: Apr. 16, 2024
    • Modified: Jul. 28, 2025

  • 8.1

    HIGH
    CVE-2025-8039

    In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025

  • 5.3

    MEDIUM
    CVE-2025-48924

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) c... Read more

    Affected Products : commons_lang
    • Published: Jul. 11, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-1299

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorize... Read more

    Affected Products : gitlab
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-46421

    A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that iss... Read more

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-46420

    A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.... Read more

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-8135

    A vulnerability, which was classified as critical, has been found in itsourcecode Insurance Management System 1.0. This issue affects some unknown processing of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. T... Read more

    Affected Products : insurance_management_system
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection
Showing 20 of 293588 Results