Latest CVE Feed

5.3 MEDIUM CVE-2025-43749
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated ...
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Authorization

5.4 MEDIUM CVE-2025-8102
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. Thi...
- Affected Products: easy_digital_downloads
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Cross-Site Request Forgery

6.5 MEDIUM CVE-2025-7777
The mirror-registry doesn't properly sanitize the Host HTTP header in received HTTP requests, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns.
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Misconfiguration

6.9 MEDIUM CVE-2025-43742
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 202...
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Cross-Site Scripting

5.1 MEDIUM CVE-2025-43741
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 202...
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Cross-Site Scripting

6.5 MEDIUM CVE-2025-9173
A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched ...
- Affected Products: emlog
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Misconfiguration

6.5 MEDIUM CVE-2025-57734
In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files...
- Affected Products: teamcity
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Information Disclosure

5.5 MEDIUM CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 SMTP injection was possible allowing modification of email content...
- Affected Products: teamcity
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Injection

7.5 HIGH CVE-2025-57732
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership...
- Affected Products: teamcity
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Authorization

8.7 HIGH CVE-2025-57731
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content...
- Affected Products: youtrack
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Cross-Site Scripting

5.2 MEDIUM CVE-2025-57730
In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature...
- Affected Products: intellij_idea
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Injection

7.3 HIGH CVE-2025-57729
In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start...
- Affected Products: intellij_idea
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Misconfiguration

6.5 MEDIUM CVE-2025-57728
In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files...
- Affected Products: intellij_idea
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Authorization

7.5 HIGH CVE-2025-57727
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference...
- Affected Products: intellij_idea
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Information Disclosure

5.3 MEDIUM CVE-2025-9229
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Information Disclosure

4.3 MEDIUM CVE-2025-9228
MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users.
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Authorization

7.5 HIGH CVE-2025-5261
Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers. This issue affects Pik Online: before 3.1.5.
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Authorization

8.6 HIGH CVE-2025-5260
Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery. This issue affects Pik Online: before 3.1.5.
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Server-Side Request Forgery

6.3 MEDIUM CVE-2024-39954
CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on e.g. Windows/Linux/macOS allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to ver...
- Affected Products: eventmesh
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Server-Side Request Forgery

5.5 MEDIUM CVE-2025-9225
Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...
- Published: Aug. 20, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Cross-Site Scripting