Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-49524

    Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in servi... Read more

    Affected Products : macos windows illustrator
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2024-4287

    In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/upd... Read more

    Affected Products : anythingllm
    • Published: May. 20, 2024
    • Modified: Jul. 10, 2025

  • 6.7

    MEDIUM
    CVE-2024-21302

    Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on h... Read more

    • Published: Aug. 08, 2024
    • Modified: Jul. 10, 2025

  • 7.5

    HIGH
    CVE-2012-4688

    The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support.... Read more

    Affected Products : oplynx
    • EPSS Score: %0.49
    • Published: Dec. 31, 2012
    • Modified: Jul. 10, 2025

  • 7.6

    HIGH
    CVE-2024-30246

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not ... Read more

    Affected Products : tuleap
    • Published: Mar. 29, 2024
    • Modified: Jul. 10, 2025

  • 9.1

    CRITICAL
    CVE-2023-48082

    Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.... Read more

    Affected Products : nagios_xi
    • Published: Oct. 14, 2024
    • Modified: Jul. 10, 2025

  • 5.4

    MEDIUM
    CVE-2025-27094

    Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribu... Read more

    Affected Products : tuleap
    • Published: Mar. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-27099

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timefr... Read more

    Affected Products : tuleap
    • Published: Mar. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-10593

    The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validat... Read more

    Affected Products : wpforms
    • Published: Nov. 13, 2024
    • Modified: Jul. 10, 2025

  • 6.6

    MEDIUM
    CVE-2023-35701

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client)... Read more

    Affected Products : hive
    • Published: May. 03, 2024
    • Modified: Jul. 10, 2025

  • 6.8

    MEDIUM
    CVE-2021-3740

    A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorize... Read more

    Affected Products : chatwoot
    • Published: Nov. 15, 2024
    • Modified: Jul. 10, 2025

  • 7.5

    HIGH
    CVE-2025-5897

    A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation ... Read more

    Affected Products : vue_cli
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2024-34365

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommende... Read more

    Affected Products : karaf_cave
    • Published: May. 14, 2024
    • Modified: Jul. 10, 2025

  • 7.5

    HIGH
    CVE-2025-5896

    A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complex... Read more

    Affected Products : taro
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-5895

    A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to... Read more

    Affected Products : metabase
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-5892

    A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line lea... Read more

    Affected Products : rocket.chat
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-5891

    A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remo... Read more

    Affected Products : pm2
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-4321

    A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during th... Read more

    Affected Products : chuanhuchatgpt
    • Published: May. 16, 2024
    • Modified: Jul. 10, 2025

  • 5.4

    MEDIUM
    CVE-2025-5887

    A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site script... Read more

    Affected Products : webstack-guns
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-32725

    Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291712 Results