Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2024-3646

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulner... Read more

    Affected Products : enterprise_server
    • Published: Apr. 19, 2024
    • Modified: Sep. 02, 2025

  • 7.5

    HIGH
    CVE-2025-32873

    An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of... Read more

    Affected Products : django
    • Published: May. 08, 2025
    • Modified: Sep. 02, 2025

  • 8.0

    HIGH
    CVE-2024-3684

    A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storag... Read more

    Affected Products : enterprise_server
    • Published: Apr. 19, 2024
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2024-2440

    A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions... Read more

    Affected Products : enterprise_server
    • Published: Apr. 19, 2024
    • Modified: Sep. 02, 2025

  • 5.3

    MEDIUM
    CVE-2025-8792

    A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security. It is possible to launch the attack remotely. The expl... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-8793

    A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to improper control of resource identifiers. The attack ca... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-8794

    A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to author... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-8795

    A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is possible to initiate... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-8796

    A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID ... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-8797

    A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. T... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-8812

    A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the... Read more

    Affected Products : pybbs
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-8813

    A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument... Read more

    Affected Products : pybbs
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-8814

    A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack ma... Read more

    Affected Products : pybbs
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-3733

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.... Read more

    Affected Products : baguettebox.js
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-3734

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Stage File Proxy allows Flooding.This issue affects Stage File Proxy: from 0.0.0 before 3.1.5.... Read more

    Affected Products : stage_file_proxy
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 5.9

    MEDIUM
    CVE-2025-3735

    Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*.... Read more

    Affected Products : panelizer_\(obsolete\)
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3736

    Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*.... Read more

    Affected Products : simple_gtm
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3737

    Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*.... Read more

    Affected Products : _store_locator_project
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-33663

    python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.... Read more

    Affected Products : python-jose
    • Published: Apr. 26, 2024
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2025-3738

    Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*.... Read more

    Affected Products : google_optimize
    • Published: Apr. 16, 2025
    • Modified: Sep. 02, 2025
Showing 20 of 292795 Results