Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2024-52805

    Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify de... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 8.7

    HIGH
    CVE-2024-52815

    Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 9.1

    CRITICAL
    CVE-2024-53863

    Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially in... Read more

    Affected Products : synapse
    • Published: Dec. 03, 2024
    • Modified: Aug. 26, 2025

  • 9.1

    CRITICAL
    CVE-2025-30159

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name ... Read more

    Affected Products : kirby
    • Published: May. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-43300

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in... Read more

    Affected Products : macos iphone_os ipados
    • Actively Exploited
    • Published: Aug. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2025-48384

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF... Read more

    Affected Products : git git
    • Actively Exploited
    • Published: Jul. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-30207

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other... Read more

    Affected Products : kirby
    • Published: May. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-8069

    Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server... Read more

    Affected Products : session_recording
    • Actively Exploited
    • Published: Nov. 12, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2022-48625

    Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary.... Read more

    • Published: Feb. 20, 2024
    • Modified: Aug. 26, 2025

  • 9.1

    CRITICAL
    CVE-2025-31493

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()` method with a dynamic collection name (such as a coll... Read more

    Affected Products : kirby
    • Published: May. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 3.5

    LOW
    CVE-2025-48376

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version... Read more

    Affected Products : dotnetnuke
    • Published: May. 23, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 6.0

    MEDIUM
    CVE-2025-48377

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module action... Read more

    Affected Products : dotnetnuke
    • Published: May. 23, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-48378

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.... Read more

    Affected Products : dotnetnuke
    • Published: May. 23, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-51084

    hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method.... Read more

    Affected Products : yavijava hyavijava
    • EPSS Score: %0.11
    • Published: Dec. 27, 2023
    • Modified: Aug. 26, 2025

  • 7.4

    HIGH
    CVE-2025-48948

    Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configur... Read more

    Affected Products : navidrome
    • Published: May. 30, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-9461

    A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argume... Read more

    Affected Products : bbs
    • Published: Aug. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-57105

    The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the ... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-55611

    D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-55606

    Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.... Read more

    Affected Products : ax3_firmware ax3
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-55605

    Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.... Read more

    Affected Products : ax3_firmware ax3
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292001 Results