Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-0516

    Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.... Read more

    Affected Products : gitlab
    • Published: Feb. 12, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-0332

    In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.... Read more

    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-9870

    An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.... Read more

    Affected Products : gitlab
    • Published: Feb. 12, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.2

    HIGH
    CVE-2024-12629

    In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.... Read more

    Affected Products : kendoreact kendoreact
    • Published: Feb. 12, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-11343

    In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access.... Read more

    • Published: Feb. 12, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-1244

    A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website... Read more

    • Published: Feb. 12, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-1212

    An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.... Read more

    Affected Products : gitlab
    • Published: Feb. 12, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-1206

    A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the argument id leads to sql injection. It is possibl... Read more

    • Published: Feb. 12, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-1202

    A vulnerability classified as critical has been found in SourceCodester Best Church Management Software 1.1. Affected is an unknown function of the file /admin/edit_slider.php. The manipulation of the argument id leads to sql injection. It is possible to ... Read more

    Affected Products : best_church_management_software
    • Published: Feb. 12, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-1042

    An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.... Read more

    Affected Products : gitlab
    • Published: Feb. 12, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-0376

    An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.... Read more

    Affected Products : gitlab
    • Published: Feb. 12, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-54160

    dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-12379

    A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes paramet... Read more

    Affected Products : gitlab
    • Published: Feb. 12, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2024-12251

    In Progress® Telerik® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.... Read more

    Affected Products : ui_for_winui
    • Published: Feb. 12, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-26378

    A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP re... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-26377

    A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-26376

    A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-26375

    A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-26374

    A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-26373

    A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 291638 Results