Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-53387

    A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element.... Read more

    Affected Products : umeditor
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-45782

    A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may r... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-45778

    A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-27420

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the atendido_parentesco_adicionar.php endpoint of the WeGIA application. This vulnerability... Read more

    Affected Products : wegia
    • Published: Mar. 03, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.2

    CRITICAL
    CVE-2025-27419

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Denial of Service (DoS) vulnerability exists in WeGIA. This vulnerability allows any unauthenticated user to cause the server to become unresponsive by perfo... Read more

    Affected Products : wegia
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-27418

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_tipo_atendido.php endpoint of the WeGIA application. This vulnerability allow... Read more

    Affected Products : wegia
    • Published: Mar. 03, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-27417

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_status_atendido.php endpoint of the WeGIA application. This vulnerability all... Read more

    Affected Products : wegia
    • Published: Mar. 03, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-27099

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timefr... Read more

    Affected Products : tuleap
    • Published: Mar. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-27094

    Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribu... Read more

    Affected Products : tuleap
    • Published: Mar. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-25185

    GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft li... Read more

    Affected Products : gpt_academic gpt_academic
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-24023

    Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is... Read more

    Affected Products : flask-appbuilder
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-0555

    A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under ... Read more

    Affected Products : gitlab
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-55570

    /api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with role... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-55532

    Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.... Read more

    Affected Products : ranger
    • Published: Mar. 03, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-43169

    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-41771

    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-41770

    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-1801

    A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT ... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2025-1125

    When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted file... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-0689

    When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always ... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292817 Results