Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-57608

    An issue in Via Browser 6.1.0 allows a remote attacker to execute arbitrary code via the mark.via.Shell component....

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authentication
  • 4.4

    MEDIUM
    CVE-2025-27137

    Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` permission to customize notification templates. Templates a...

    Affected Products : dependency-track
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Supply Chain
  • 9.8

    CRITICAL
    CVE-2025-26533

    An SQL injection risk was identified in the module list filter within course search....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection
  • 4.3

    MEDIUM
    CVE-2025-26532

    Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2025-26531

    Insufficient capability checks made it possible to disable badges a user does not have permission to access....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authorization
  • 8.3

    HIGH
    CVE-2025-26530

    The question bank filter required additional sanitizing to prevent a reflected XSS risk....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.3

    HIGH
    CVE-2025-26529

    Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-26528

    The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-26527

    Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-26526

    Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization
  • 8.6

    HIGH
    CVE-2025-26525

    Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed)....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal
  • 10.0

    CRITICAL
    CVE-2025-27364

    In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server tha...

    Affected Products : caldera
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication
  • 9.4

    CRITICAL
    CVE-2025-27133

    WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the `adicionar_tipo_exame.php` endpoint. This vulnerability allows an authorized attacker to execute arbit...

    Affected Products : wegia
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection
  • 6.9

    MEDIUM
    CVE-2025-27112

    Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary u...

    Affected Products : navidrome
    • Published: Feb. 24, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2024-57026

    TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) due to processing user input in a way that allows JavaScript execution....

    Affected Products : tawk.to
    • Published: Feb. 24, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-54820

    XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and passwords via a crafted input....

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection
  • 9.1

    CRITICAL
    CVE-2025-26201

    Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows remote unauthenticated attackers to bypass authentication and escalate privileges....

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication
  • 7.2

    HIGH
    CVE-2025-26200

    SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component....

    • Published: Feb. 24, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Injection
  • 8.4

    HIGH
    CVE-2025-22495

    An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been...

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-26803

    The HTTP parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method....

    Affected Products : passenger
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Denial of Service