Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2023-47855

    Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    • Published: May. 16, 2024
    • Modified: Sep. 02, 2025

  • 8.2

    HIGH
    CVE-2023-45745

    Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    • Published: May. 16, 2024
    • Modified: Sep. 02, 2025

  • 8.3

    HIGH
    CVE-2024-21801

    Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.... Read more

    Affected Products : tdx_module_software tdx_module
    • Published: Aug. 14, 2024
    • Modified: Sep. 02, 2025

  • 5.7

    MEDIUM
    CVE-2024-33607

    Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : tdx_module_software tdx_module
    • Published: Aug. 12, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-1908

    An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the se... Read more

    Affected Products : enterprise_server
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-27290

    Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has ... Read more

    Affected Products : docassemble
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-27291

    Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.... Read more

    Affected Products : docassemble
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 7.5

    HIGH
    CVE-2024-27292

    Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has ... Read more

    Affected Products : docassemble
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-28244

    KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid... Read more

    Affected Products : katex
    • Published: Mar. 25, 2024
    • Modified: Sep. 02, 2025

  • 5.4

    MEDIUM
    CVE-2025-40707

    Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more

    Affected Products : openatlas
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-40708

    Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more

    Affected Products : openatlas
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-40709

    Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more

    Affected Products : openatlas
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-9643

    A vulnerability was found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results in sql injection.... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9644

    A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Executing manipulation of the argument txtBillType can lead to sql injection. It is p... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9645

    A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /t_dashboard/r_all_info.php. The manipulation of the argument mid leads to sql injection. The attack can be initiated remotely. The ex... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-54080

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to wri... Read more

    Affected Products : exiv2
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2024-28245

    KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX ... Read more

    Affected Products : katex
    • Published: Mar. 25, 2024
    • Modified: Sep. 02, 2025

  • 5.5

    MEDIUM
    CVE-2025-55304

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetad... Read more

    Affected Products : exiv2
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-5079

    A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injection. The attack ma... Read more

    Affected Products : online_shopping_portal
    • Published: May. 22, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5078

    A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Performing manipulation of the argument Category results in sql injection. The attack is possible to be ca... Read more

    Affected Products : online_shopping_portal
    • Published: May. 22, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection
Showing 20 of 292803 Results