Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2025-23369

    An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already... Read more

    Affected Products : enterprise_server
    • Published: Jan. 21, 2025
    • Modified: Feb. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-55504

    An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploit_combined.dylib component on MacOS.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Feb. 04, 2025

  • 6.4

    MEDIUM
    CVE-2024-51417

    An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Feb. 04, 2025

  • 6.5

    MEDIUM
    CVE-2025-24461

    In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint... Read more

    Affected Products : teamcity
    • Published: Jan. 21, 2025
    • Modified: Jan. 30, 2025

  • 4.3

    MEDIUM
    CVE-2025-24460

    In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool... Read more

    Affected Products : teamcity
    • Published: Jan. 21, 2025
    • Modified: Jan. 30, 2025

  • 6.1

    MEDIUM
    CVE-2025-24459

    In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page... Read more

    Affected Products : teamcity
    • Published: Jan. 21, 2025
    • Modified: Jan. 30, 2025

  • 7.8

    HIGH
    CVE-2025-24458

    In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration... Read more

    Affected Products : youtrack
    • Published: Jan. 21, 2025
    • Modified: Jan. 30, 2025

  • 5.5

    MEDIUM
    CVE-2025-24457

    In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs... Read more

    Affected Products : youtrack
    • Published: Jan. 21, 2025
    • Modified: Jan. 30, 2025

  • 8.8

    HIGH
    CVE-2025-24456

    In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping... Read more

    Affected Products : hub
    • Published: Jan. 21, 2025
    • Modified: Jan. 30, 2025

  • 6.1

    MEDIUM
    CVE-2025-24020

    WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipu... Read more

    Affected Products : wegia
    • Published: Jan. 21, 2025
    • Modified: Feb. 13, 2025

  • 7.1

    HIGH
    CVE-2025-24019

    YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host withou... Read more

    Affected Products : yeswiki
    • Published: Jan. 21, 2025
    • Modified: May. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-23996

    Cross-Site Request Forgery (CSRF) vulnerability in anyroad.com AnyRoad allows Cross Site Request Forgery. This issue affects AnyRoad: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23994

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatebud Estatebud – Properties & Listings allows Stored XSS. This issue affects Estatebud – Properties & Listings: from n/a through 5.5.0.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23580

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Garvin BizLibrary allows Reflected XSS. This issue affects BizLibrary: from n/a through 1.1.... Read more

    Affected Products : bizlibrary
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23551

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P. Razvan SexBundle allows Reflected XSS. This issue affects SexBundle: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23489

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Messenlehner of WebDevStudios WP-Announcements allows Reflected XSS. This issue affects WP-Announcements: from n/a through 1.8.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 8.2

    HIGH
    CVE-2025-23477

    Missing Authorization vulnerability in Realty Workstation Realty Workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through 1.0.45.... Read more

    Affected Products : realty_workstation
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23461

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Dotta, Jacopo Campani, di xkoll.com Social2Blog allows Reflected XSS. This issue affects Social2Blog: from n/a through 0.2.990.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 7.1

    HIGH
    CVE-2025-23454

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flashmaniac Nature FlipBook allows Reflected XSS. This issue affects Nature FlipBook: from n/a through 1.7.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025

  • 4.3

    MEDIUM
    CVE-2025-22722

    Missing Authorization vulnerability in Widget Options Team Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.8.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
Showing 20 of 291150 Results