Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-7877

    A vulnerability, which was classified as critical, has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This issue affects some unknown processing of the file sendfile.jsp. The manipulation of the argument File leads to unrestricted upload. The attack may... Read more

    Affected Products : metacrm
    • Published: Jul. 20, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 4.7

    MEDIUM
    CVE-2025-4598

    A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as ... Read more

    • Published: May. 30, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Race Condition

  • 5.1

    MEDIUM
    CVE-2025-9145

    A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. Th... Read more

    Affected Products : scada-lts
    • Published: Aug. 19, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-7878

    A vulnerability, which was classified as critical, was found in Metasoft 美特软件 MetaCRM up to 6.4.2. Affected is an unknown function of the file /common/jsp/upload2.jsp. The manipulation of the argument File leads to unrestricted upload. It is possible to l... Read more

    Affected Products : metacrm
    • Published: Jul. 20, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-7879

    A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mobileupload.jsp. The manipulation of the argument File leads to unrestricted upload. Th... Read more

    Affected Products : metacrm
    • Published: Jul. 20, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2024-21772

    Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : oneapi_base_toolkit advisor
    • Published: May. 16, 2024
    • Modified: Aug. 27, 2025

  • 7.8

    HIGH
    CVE-2024-21831

    Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : processor_diagnostic_tool
    • Published: May. 16, 2024
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2024-52804

    Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted... Read more

    Affected Products : tornado
    • Published: Nov. 22, 2024
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-52803

    LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious ... Read more

    Affected Products : llama-factory
    • Published: Nov. 21, 2024
    • Modified: Aug. 27, 2025

  • 8.7

    HIGH
    CVE-2024-8810

    A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vu... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Aug. 27, 2025

  • 9.1

    CRITICAL
    CVE-2024-10007

    A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to ... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2024-10824

    An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization ... Read more

    Affected Products : enterprise_server
    • Published: Nov. 07, 2024
    • Modified: Aug. 27, 2025

  • 8.8

    HIGH
    CVE-2025-7880

    A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is some unknown functionality of the file /business/common/sms/sendsms.jsp. The manipulation of the argument File leads to unrestricted uploa... Read more

    Affected Products : metacrm
    • Published: Jul. 20, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-8132

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. Th... Read more

    Affected Products : chancms chancms
    • Published: Jul. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-8133

    A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery.... Read more

    Affected Products : chancms chancms
    • Published: Jul. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-8266

    A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to... Read more

    Affected Products : chancms chancms
    • Published: Jul. 28, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-8517

    A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-8518

    A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-8519

    A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to i... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.8

    MEDIUM
    CVE-2025-8520

    A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-... Read more

    Affected Products : vvveb
    • Published: Aug. 04, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 292228 Results