Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2025-54175

    QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality.  An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-54174

    QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined... Read more

    Affected Products : quick.cms
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2025-54172

    QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. Regular admin user is... Read more

    Affected Products : quick.cms
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.5

    MEDIUM
    CVE-2025-4877

    There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memo... Read more

    Affected Products : libssh
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-4437

    There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file i... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-43750

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote unauthent... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-43749

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-8102

    The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. Thi... Read more

    Affected Products : easy_digital_downloads
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-7777

    The mirror-registry doesn't properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-43742

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 202... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-43741

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 202... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-9173

    A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched ... Read more

    Affected Products : emlog
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-57734

    In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files... Read more

    Affected Products : teamcity
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-57733

    In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content... Read more

    Affected Products : teamcity
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-57732

    In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership... Read more

    Affected Products : teamcity
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-57731

    In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content... Read more

    Affected Products : youtrack
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.2

    MEDIUM
    CVE-2025-57730

    In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature... Read more

    Affected Products : intellij_idea
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-57729

    In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start... Read more

    Affected Products : intellij_idea
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-57728

    In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files... Read more

    Affected Products : intellij_idea
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-57727

    In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference... Read more

    Affected Products : intellij_idea
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292523 Results