Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2025-52452

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal. This issue affects Tableau Server: bef... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.5

    HIGH
    CVE-2025-52449

    Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This issue affects Tableau Server: before 202... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.1

    HIGH
    CVE-2025-52448

    Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interface Manipulation (data access to the production database cluster). This issue affects Tableau Ser... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.1

    HIGH
    CVE-2025-52447

    Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation (data access to the production database cluster). This issue affects Table... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.0

    HIGH
    CVE-2025-52446

    Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production database cluster).This issue affects Tableau Server: before 20... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.8

    HIGH
    CVE-2025-8164

    A vulnerability has been found in code-projects Public Chat Room 1.0 and classified as critical. This vulnerability affects unknown code of the file send_message.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated ... Read more

    Affected Products : public_chat_room
    • Published: Jul. 25, 2025
    • Modified: Aug. 05, 2025

  • 6.5

    MEDIUM
    CVE-2025-8163

    A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.5

    MEDIUM
    CVE-2025-5449

    A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocatio... Read more

    Affected Products : libssh
    • Published: Jul. 25, 2025
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2025-46199

    Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields... Read more

    Affected Products : grav
    • Published: Jul. 25, 2025
    • Modified: Aug. 15, 2025

  • 6.5

    MEDIUM
    CVE-2025-8162

    A vulnerability, which was classified as critical, has been found in deerwms deer-wms-2 up to 3.3. Affected by this issue is some unknown functionality of the file /system/dept/list. The manipulation of the argument params[dataScope] leads to sql injectio... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.5

    MEDIUM
    CVE-2025-8161

    A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. Affected by this vulnerability is an unknown functionality of the file /system/role/export. The manipulation of the argument params[dataScope] leads to sql injection. The at... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 4.3

    MEDIUM
    CVE-2025-54596

    Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.1

    MEDIUM
    CVE-2025-45960

    Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.1

    MEDIUM
    CVE-2025-45893

    OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a m... Read more

    Affected Products : opencart
    • Published: Jul. 25, 2025
    • Modified: Aug. 07, 2025

  • 6.1

    MEDIUM
    CVE-2025-45892

    OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inje... Read more

    Affected Products : opencart
    • Published: Jul. 25, 2025
    • Modified: Aug. 07, 2025

  • 6.1

    MEDIUM
    CVE-2025-45406

    A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter. NOTE: this is disputed by the Supplier because attackers ca... Read more

    Affected Products : codeigniter
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 6.3

    MEDIUM
    CVE-2025-36728

    Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.3

    HIGH
    CVE-2025-36727

    Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-29631

    An issue in Gardyn 4 allows a remote attacker execute arbitrary code... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025

  • 8.1

    HIGH
    CVE-2025-29630

    An issue in Gardyn 4 allows a remote attacker with the corresponding ssh private key can gain remote root access to affected devices... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
Showing 20 of 291014 Results