Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-29926

    XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so performs other attacks on the farm. Note that this R... Read more

    Affected Products : xwiki
    • Published: Mar. 19, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-29925

    XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's particularly true if... Read more

    Affected Products : xwiki
    • Published: Mar. 19, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-29924

    XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for an user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregis... Read more

    Affected Products : xwiki
    • Published: Mar. 19, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-29405

    An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : emlog
    • Published: Mar. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-25132

    A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive times... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-29118

    Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Mar. 19, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2025-0431

    Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslas... Read more

    Affected Products : enterprise_protection
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2024-53970

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Mar. 19, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-53969

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment... Read more

    • Published: Mar. 19, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-53968

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment... Read more

    • Published: Mar. 19, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-53967

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment... Read more

    • Published: Mar. 19, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-30197

    Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-30196

    Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-30154

    reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog... Read more

    • Actively Exploited
    • Published: Mar. 19, 2025
    • Modified: Mar. 29, 2025
    • Vuln Type: Supply Chain

  • 7.5

    HIGH
    CVE-2025-30153

    kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb), causing the server to con... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-30152

    The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment au... Read more

    Affected Products : sylius
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-30144

    fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss (issuer) claim validation within the fast-jwt library permits an array of strings as a... Read more

    Affected Products : fast-jwt
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-2324

    Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, fr... Read more

    Affected Products : moveit_transfer
    • Published: Mar. 19, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 9.0

    CRITICAL
    CVE-2025-29783

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on di... Read more

    Affected Products : vllm
    • Published: Mar. 19, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-29770

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled gram... Read more

    Affected Products : vllm
    • Published: Mar. 19, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293353 Results