Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-2339

    A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The e...

    Affected Products : tale_blog
    • Published: Mar. 16, 2025
    • Modified: Aug. 26, 2025
  • 4.8

    MEDIUM
    CVE-2025-2340

    A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cro...

    Affected Products : tale_blog
    • Published: Mar. 16, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 10.0

    CRITICAL
    CVE-2024-32741

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains a hard-coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default. An attacker who manages to crack...

    • Published: May. 14, 2024
    • Modified: Aug. 26, 2025
  • 7.5

    HIGH
    CVE-2025-3566

    A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted uploa...

    Affected Products :
    • Published: Apr. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2025-2506

    When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated table...

    Affected Products :
    • Published: May. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-29088

    In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may...

    Affected Products : sqlite
    • Published: Apr. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service
  • 6.4

    MEDIUM
    CVE-2025-28168

    The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modi...

    Affected Products : multiple_file_upload
    • Published: May. 05, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication
  • 2.9

    LOW
    CVE-2025-27400

    Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerabil...

    Affected Products : magento
    • Published: Feb. 28, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-26877

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Users allows Stored XSS. This issue affects Front End Users: from n/a through 3.2.30....

    Affected Products : front_end_users
    • Published: Feb. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.8

    MEDIUM
    CVE-2025-26876

    Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8....

    Affected Products : search_with_typesense
    • Published: Feb. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal
  • 5.8

    MEDIUM
    CVE-2025-26318

    hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application....

    Affected Products : tsplus_remote_access
    • Published: Mar. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure
  • 7.1

    HIGH
    CVE-2025-23798

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eliott Robson Mass Messaging in BuddyPress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through 2.2.1....

    Affected Products : buddypress
    • Published: Jan. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.3

    HIGH
    CVE-2025-22598

    WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the loca...

    Affected Products : wegia
    • Published: Jan. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.3

    HIGH
    CVE-2025-22597

    WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the ...

    Affected Products : wegia
    • Published: Jan. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-22532

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nagy Sandor Simple Photo Sphere allows Stored XSS. This issue affects Simple Photo Sphere: from n/a through 0.0.10....

    Affected Products :
    • Published: Jan. 07, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-22531

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M Bilal M Urdu Formatter – Shamil allows Stored XSS. This issue affects Urdu Formatter – Shamil: from n/a through 0.1....

    Affected Products : urdu_formatter
    • Published: Jan. 07, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-21614

    go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing ...

    Affected Products : go-git
    • Published: Jan. 06, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service
  • 8.6

    HIGH
    CVE-2025-21612

    TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2...

    Affected Products :
    • Published: Jan. 06, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-1546

    A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function log_operate_clear of the file /webui/modules/log/operate.mds. The manipulation of the...

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 8.6

    HIGH
    CVE-2025-1403

    Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library....

    Affected Products : qiskit
    • Published: Feb. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292055 Results