Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2025-2887

    During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure... Read more

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2025-2886

    Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target co... Read more

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2025-2885

    Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to... Read more

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-2878

    A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The man... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-26956

    Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-26898

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-26890

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginUs.Net HUSKY allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through 1.3.6.4.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-26874

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MemberSpace allows Reflected XSS.This issue affects MemberSpace: from n/a through 2.1.13.... Read more

    Affected Products : memberspace
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-26873

    Deserialization of Untrusted Data vulnerability in Shine theme Traveler.This issue affects Traveler: from n/a before 3.2.1.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Jun. 09, 2025

  • 8.2

    HIGH
    CVE-2025-26733

    Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8.... Read more

    Affected Products :
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-22740

    Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through 4.24.4.... Read more

    Affected Products : sensei_lms
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-22739

    Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through 4.2.7.5.... Read more

    Affected Products : learnpress
    • Published: Mar. 27, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2024-55070

    A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.... Read more

    Affected Products : mealie
    • Published: Mar. 27, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-30093

    HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions.... Read more

    Affected Products : htcondor
    • Published: Mar. 27, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-29306

    An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.... Read more

    Affected Products : foxcms
    • Published: Mar. 27, 2025
    • Modified: Jun. 09, 2025

  • 7.6

    HIGH
    CVE-2024-55073

    A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.... Read more

    Affected Products : mealie
    • Published: Mar. 27, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-55072

    A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.... Read more

    Affected Products : mealie
    • Published: Mar. 27, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2023-38272

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments.... Read more

    Affected Products : cloud_pak_system
    • Published: Mar. 27, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2023-37405

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.... Read more

    • Published: Mar. 27, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 10.0

    CRITICAL
    CVE-2025-30367

    WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries... Read more

    Affected Products : wegia
    • Published: Mar. 27, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Injection
Showing 20 of 293620 Results