Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-55006

    Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScri... Read more

    Affected Products : frappe_lms
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 5.7

    MEDIUM
    CVE-2025-55003

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-... Read more

    Affected Products : openbao
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025

  • 6.5

    MEDIUM
    CVE-2025-55001

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases,... Read more

    Affected Products : openbao
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025

  • 6.5

    MEDIUM
    CVE-2025-55000

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than str... Read more

    Affected Products : openbao
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025

  • 3.7

    LOW
    CVE-2025-54999

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass auth method, user enumeration was possible due to timin... Read more

    Affected Products : openbao
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025

  • 5.3

    MEDIUM
    CVE-2025-54998

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass ... Read more

    Affected Products : openbao
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025

  • 9.1

    CRITICAL
    CVE-2025-54997

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing syst... Read more

    Affected Products : openbao
    • Published: Aug. 09, 2025
    • Modified: Aug. 13, 2025

  • 5.3

    MEDIUM
    CVE-2025-55152

    oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwa... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 7.2

    HIGH
    CVE-2025-54996

    OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were... Read more

    Affected Products : openbao
    • Published: Aug. 09, 2025
    • Modified: Aug. 12, 2025

  • 8.7

    HIGH
    CVE-2025-54888

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 th... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 5.2

    MEDIUM
    CVE-2025-54417

    Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerabi... Read more

    Affected Products : craft_cms
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 7.5

    HIGH
    CVE-2025-8744

    A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has... Read more

    Affected Products :
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 9.8

    CRITICAL
    CVE-2025-6573

    Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE).... Read more

    Affected Products : ddk
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 7.5

    HIGH
    CVE-2025-46709

    Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.... Read more

    Affected Products : ddk
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 5.1

    MEDIUM
    CVE-2025-8743

    A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /data_source_edit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cros... Read more

    Affected Products : scada-lts
    • Published: Aug. 08, 2025
    • Modified: Aug. 12, 2025

  • 6.3

    MEDIUM
    CVE-2025-8742

    A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation leads to improper restriction of excessive authentication attempts. T... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 12, 2025

  • 6.3

    MEDIUM
    CVE-2025-8741

    A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. ... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 12, 2025

  • 4.8

    MEDIUM
    CVE-2025-8740

    A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It has been classified as problematic. Affected is an unknown function of the file /admin/categories/save of the component Category Handler. The manipulation of the argument categoryName leads t... Read more

    Affected Products : my-blog
    • Published: Aug. 08, 2025
    • Modified: Aug. 12, 2025

  • 5.3

    MEDIUM
    CVE-2025-8739

    A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack ma... Read more

    Affected Products : my-blog
    • Published: Aug. 08, 2025
    • Modified: Aug. 12, 2025

  • 3.6

    LOW
    CVE-2025-55188

    7-Zip before 25.01 does not always properly handle symbolic links during extraction.... Read more

    Affected Products : 7-zip
    • Published: Aug. 08, 2025
    • Modified: Aug. 18, 2025
Showing 20 of 290954 Results