Latest CVE Feed

Following is the list of latest published vulnerabilities.
  • 7.5

    HIGH
    CVE-2025-53099

    Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code w...

    Affected Products : sentry
    • Published: Jul. 01, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Race Condition
  • 6.5

    MEDIUM
    CVE-2024-57249

    Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Co...

    Affected Products : filevista
    • Published: Feb. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authentication
  • 7.3

    HIGH
    CVE-2025-54911

    Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally....

    • Published: Sep. 09, 2025
    • Modified: Sep. 15, 2025
  • 7.5

    HIGH
    CVE-2024-27354

    An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality ...

    Affected Products : debian_linux phpseclib
    • Published: Mar. 01, 2024
    • Modified: Sep. 15, 2025
  • 9.8

    CRITICAL
    CVE-2025-25221

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved....

    Affected Products : luxcal_web_calendar
    • Published: Feb. 18, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-25222

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved....

    Affected Products : luxcal_web_calendar
    • Published: Feb. 18, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2025-7099

    A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument d...

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-7100

    A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. Th...

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-7101

    A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code in...

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-7102

    A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. The attack c...

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-7103

    A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. T...

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Server-Side Request Forgery
  • 7.2

    HIGH
    CVE-2024-22188

    TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed vers...

    Affected Products : typo3
    • Published: Mar. 05, 2024
    • Modified: Sep. 15, 2025
  • 7.5

    HIGH
    CVE-2024-27355

    An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeO...

    Affected Products : debian_linux phpseclib
    • Published: Mar. 01, 2024
    • Modified: Sep. 15, 2025
  • 5.8

    MEDIUM
    CVE-2025-25223

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained....

    Affected Products : luxcal_web_calendar
    • Published: Feb. 18, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Path Traversal
  • 7.2

    HIGH
    CVE-2024-24323

    SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component....

    Affected Products : litemall litemall
    • Published: Feb. 27, 2024
    • Modified: Sep. 15, 2025
  • 7.5

    HIGH
    CVE-2025-25224

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained....

    Affected Products : luxcal_web_calendar
    • Published: Feb. 18, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authentication
  • 7.3

    HIGH
    CVE-2024-32474

    Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An...

    Affected Products : sentry
    • Published: Apr. 18, 2024
    • Modified: Sep. 15, 2025
  • 7.0

    HIGH
    CVE-2024-22905

    Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function....

    Affected Products : mbed_os
    • Published: Apr. 19, 2024
    • Modified: Sep. 15, 2025
  • 6.5

    MEDIUM
    CVE-2024-22807

    An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption....

    • Published: Apr. 22, 2024
    • Modified: Sep. 15, 2025
  • 7.5

    HIGH
    CVE-2024-22808

    An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory...

    • Published: Apr. 22, 2024
    • Modified: Sep. 15, 2025