Latest CVE Feed
- 6.6 MEDIUM CVE-2025-49007
Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-20...
Affected Products: rack
- Published: Jun. 04, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Denial of Service
- 9.9 CRITICAL CVE-2025-20286
A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited admini...
Affected Products: identity_services_engine
- Published: Jun. 04, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Misconfiguration
- 8.1 HIGH CVE-2025-3055
The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated atta...
Affected Products:
- Published: Jun. 05, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Path Traversal
- 6.5 MEDIUM CVE-2025-5690
PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynami...
Affected Products: anonymizer
- Published: Jun. 04, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Authorization
- 9.4 CRITICAL CVE-2025-49008
Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheo...
Affected Products:
- Published: Jun. 05, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Injection
- 5.1 MEDIUM CVE-2025-5683
When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1....
Affected Products:
- Published: Jun. 05, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Denial of Service
- 4.8 MEDIUM CVE-2025-2336
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owa...
Affected Products:
- Published: Jun. 04, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Cross-Site Scripting
- 6.5 MEDIUM CVE-2024-9277
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation...
Affected Products: langflow
- Published: Sep. 27, 2024
- Modified: Jun. 05, 2025
- 6.5 MEDIUM CVE-2024-8706
A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads ...
Affected Products: jfinalcms
- Published: Sep. 12, 2024
- Modified: Jun. 05, 2025
- 5.1 MEDIUM CVE-2024-8694
A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument...
Affected Products: jfinalcms
- Published: Sep. 11, 2024
- Modified: Jun. 05, 2025
- 5.4 MEDIUM CVE-2024-5379
A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be in...
Affected Products: jfinalcms
- Published: May. 26, 2024
- Modified: Jun. 05, 2025
- 5.4 MEDIUM CVE-2024-5310
A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remo...
Affected Products: jfinalcms
- Published: May. 24, 2024
- Modified: Jun. 05, 2025
- 8.8 HIGH CVE-2024-3431
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to dese...
Affected Products: eyoucms
- Published: Apr. 07, 2024
- Modified: Jun. 05, 2025
- 9.8 CRITICAL CVE-2024-2014
A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated rem...
Affected Products: panalog
- Published: Mar. 21, 2024
- Modified: Jun. 05, 2025
- 9.8 CRITICAL CVE-2025-1840
A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql...
Affected Products: cdg
- Published: Mar. 03, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Injection
- 8.8 HIGH CVE-2025-1812
A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to la...
Affected Products: zz
- Published: Mar. 02, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Injection
- 8.8 HIGH CVE-2024-13194
A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_members.php?ac=search. The manipulation of the argument uid leads to sql injection. The attack may be launched...
Affected Products: sucms
- Published: Jan. 09, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Injection
- 5.4 MEDIUM CVE-2024-13192
A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is pos...
Affected Products: myblog
- Published: Jan. 08, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Cross-Site Scripting
- 6.9 MEDIUM CVE-2024-12842
A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiat...
Affected Products: emlog
- Published: Dec. 20, 2024
- Modified: Jun. 05, 2025
- 9.8 CRITICAL CVE-2025-4937
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads...
Affected Products: apartment_visitor_management_system
- Published: May. 19, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Injection