Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-43749

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-9173

    A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched ... Read more

    Affected Products : emlog
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 4.5

    MEDIUM
    CVE-2025-4877

    There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memo... Read more

    Affected Products : libssh
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.5

    HIGH
    CVE-2025-54925

    CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 8.8

    HIGH
    CVE-2025-48164

    Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash allows Privilege Escalation. This issue affects SureDash: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 9.9

    CRITICAL
    CVE-2025-48169

    Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine allows Remote Code Inclusion. This issue affects Code Engine: from n/a through 0.3.3.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-49410

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2025-48297

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory allows Reflected XSS. This issue affects Simple Link Directory: from n/a through n/a.... Read more

    Affected Products : simple_link_directory
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-49395

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Icons allows Stored XSS. This issue affects Themify Icons: from n/a through 2.0.3.... Read more

    Affected Products : icons
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-49411

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.1.1.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 5.9

    MEDIUM
    CVE-2025-49890

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jorge Garcia de Bustos AWStats Script allows Stored XSS. This issue affects AWStats Script: from n/a through 0.3.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-49893

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in liseperu Elizaibots allows Stored XSS. This issue affects Elizaibots: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.2

    HIGH
    CVE-2025-49438

    Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3.... Read more

    Affected Products : simple_login_log
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 4.3

    MEDIUM
    CVE-2025-49426

    Cross-Site Request Forgery (CSRF) vulnerability in Dourou Cookie Warning allows Cross Site Request Forgery. This issue affects Cookie Warning: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 5.9

    MEDIUM
    CVE-2025-49428

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 10.0

    CRITICAL
    CVE-2025-53577

    Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS allows Remote Code Inclusion. This issue affects Global DNS: from n/a through 3.1.0.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-54019

    Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Code Injection. This issue affects Alone: from n/a through n/a.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 5.9

    MEDIUM
    CVE-2025-49409

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SensorPress allows Stored XSS. This issue affects SensorPress: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-49422

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aelora iframe Wrapper allows DOM-Based XSS. This issue affects iframe Wrapper: from n/a through 0.1.1.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 5.3

    MEDIUM
    CVE-2025-49406

    Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.... Read more

    Affected Products : houzez
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
Showing 20 of 290972 Results