Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-53098

    Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary com... Read more

    Affected Products : roo_code
    • Published: Jun. 27, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-58373

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to... Read more

    Affected Products : roo_code
    • Published: Sep. 05, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-58374

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Be... Read more

    Affected Products : roo_code
    • Published: Sep. 06, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Supply Chain

  • 8.1

    HIGH
    CVE-2025-53536

    Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ... Read more

    Affected Products : roo_code
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2024-57248

    Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass ac... Read more

    Affected Products : filevista
    • Published: Feb. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2024-41656

    Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subs... Read more

    Affected Products : sentry
    • Published: Jul. 23, 2024
    • Modified: Sep. 15, 2025

  • 5.3

    MEDIUM
    CVE-2024-53253

    Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret f... Read more

    Affected Products : sentry
    • Published: Nov. 22, 2024
    • Modified: Sep. 15, 2025

  • 7.5

    HIGH
    CVE-2025-53099

    Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code w... Read more

    Affected Products : sentry
    • Published: Jul. 01, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2024-57249

    Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Co... Read more

    Affected Products : filevista
    • Published: Feb. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-54911

    Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 15, 2025

  • 7.5

    HIGH
    CVE-2024-27354

    An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality ... Read more

    Affected Products : debian_linux phpseclib
    • Published: Mar. 01, 2024
    • Modified: Sep. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-25221

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.... Read more

    Affected Products : luxcal_web_calendar
    • Published: Feb. 18, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25222

    The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.... Read more

    Affected Products : luxcal_web_calendar
    • Published: Feb. 18, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-7099

    A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument d... Read more

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-7100

    A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. Th... Read more

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-7101

    A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code in... Read more

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7102

    A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. The attack c... Read more

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-7103

    A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. T... Read more

    Affected Products : boyuncms
    • Published: Jul. 07, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.2

    HIGH
    CVE-2024-22188

    TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed vers... Read more

    Affected Products : typo3
    • Published: Mar. 05, 2024
    • Modified: Sep. 15, 2025

  • 7.5

    HIGH
    CVE-2024-27355

    An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeO... Read more

    Affected Products : debian_linux phpseclib
    • Published: Mar. 01, 2024
    • Modified: Sep. 15, 2025
Showing 20 of 293951 Results