Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-25692

    A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products : prestashop
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-25691

    A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.... Read more

    Affected Products : prestashop
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2024-45955

    Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter.... Read more

    Affected Products : zena
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2025-8353

    UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard c... Read more

    Affected Products : devolutions_server
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-8312

    Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following version(s) : * D... Read more

    Affected Products : devolutions_server
    • Published: Jul. 30, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-54656

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs witho... Read more

    Affected Products : struts_extras
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-50578

    LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and ... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2023-2593

    A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the s... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-54573

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email a... Read more

    Affected Products : computer_vision_annotation_tool
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-54433

    Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without validation. A special... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal

  • 7.7

    HIGH
    CVE-2025-53944

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an authorization bypass vulnerability. While it correctly va... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Jul. 30, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-53357

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can a... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-53113

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use t... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-53112

    GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific ... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-53111

    GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.... Read more

    Affected Products : glpi
    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-46811

    A Missing Authentication for Critical Function vulnerability in SUSE Manager allows anyone with access to the websocket at /rhn/websocket/minion/remote-commands to execute arbitrary commands as root. This issue affects Container suse/manager/5.0/x86_6... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-43018

    Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2024-45515

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can expl... Read more

    Affected Products : collaboration
    • Published: Jul. 30, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-54572

    The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because ... Read more

    Affected Products : ruby-saml
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-54430

    dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benc... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Supply Chain
Showing 20 of 291638 Results