Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.7

    HIGH
    CVE-2025-55732

    Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the...

    Affected Products : frappe
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-32451

    A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and...

    Affected Products : pdf_reader
    • Published: Aug. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-47152

    An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially le...

    Affected Products : pdf-xchange_editor
    • Published: Aug. 05, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-27931

    An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the...

    Affected Products : pdf-xchange_editor
    • Published: Aug. 05, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure
  • 6.9

    MEDIUM
    CVE-2024-51447

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This c...

    Affected Products : polarion_alm
    • Published: May. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-40566

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauth...

    Affected Products : simatic_pcs_neo
    • Published: May. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-32917

    Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allows a user with write access to the JAVA_HOME/bin directory to escalate privileges....

    Affected Products : checkmk checkmk
    • Published: May. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization
  • 7.6

    HIGH
    CVE-2025-47783

    Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actio...

    Affected Products : label_studio
    • Published: May. 14, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2025-2527

    Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request....

    Affected Products : mattermost_server
    • Published: May. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization
  • 5.5

    MEDIUM
    CVE-2022-1615

    In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values....

    Affected Products : fedora samba
    • EPSS Score: 0.12%
    • Published: Sep. 01, 2022
    • Modified: Aug. 22, 2025
  • 5.3

    MEDIUM
    CVE-2025-55626

    An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage....

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-1712

    Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files...

    Affected Products : checkmk checkmk
    • Published: May. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication
  • 8.2

    HIGH
    CVE-2022-31807

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a malic...

    • Published: May. 23, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration
  • 8.7

    HIGH
    CVE-2022-31812

    A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unau...

    Affected Products : sipass_integrated
    • Published: May. 23, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-6124

    A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. This issue affects some unknown processing of the file /tablelow.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiate...

    • Published: Jun. 16, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection
  • 4.7

    MEDIUM
    CVE-2025-5054

    Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crash...

    Affected Products : ubuntu_linux apport
    • Published: May. 30, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Race Condition
  • 3.0

    LOW
    CVE-2021-25743

    kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events....

    Affected Products : kubernetes
    • EPSS Score: 0.31%
    • Published: Jan. 07, 2022
    • Modified: Aug. 22, 2025
  • 6.5

    MEDIUM
    CVE-2025-49575

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This im...

    Affected Products : citizen
    • Published: Jun. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-49576

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbi...

    Affected Products : citizen
    • Published: Jun. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-49577

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in ...

    Affected Products : citizen
    • Published: Jun. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291717 Results