Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2025-9060

    A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerabili...

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
  • 4.3

    MEDIUM
    CVE-2025-8996

    Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing. This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0....

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-8995

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.4....

    Affected Products : authenticator_login
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2025-8675

    Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery. This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6....

    Affected Products : ai_seo_link_advisor
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 6.1

    MEDIUM
    CVE-2025-8362

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS). This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0....

    Affected Products : googletag_manager
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 7.6

    HIGH
    CVE-2025-8361

    Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing. This issue affects Config Pages: from 0.0.0 before 2.18.0....

    Affected Products : config_pages
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 7.6

    HIGH
    CVE-2025-8092

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.16....

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 6.9

    MEDIUM
    CVE-2025-7961

    Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass. This issue affects KAP: 3.6.0....

    Affected Products : kap
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
  • 4.8

    MEDIUM
    CVE-2025-8066

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing. This issue affects Bunker Web: 1.6.2....

    Affected Products : bunker_web
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
  • 5.5

    MEDIUM
    CVE-2025-55207

    Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//...

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
  • 5.9

    MEDIUM
    CVE-2025-49898

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS. This issue affects Dropshix: from n/a through 4.0.14....

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
  • 8.5

    HIGH
    CVE-2025-49897

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. This issue affects Vertical scroll slideshow gallery v2: from n/a through 9.1....

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
  • 5.3

    MEDIUM
    CVE-2025-49432

    Missing Authorization vulnerability in FWDesign Ultimate Video Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through 10.1....

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
  • 7.8

    HIGH
    CVE-2025-5048

    A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....

    • Published: Aug. 15, 2025
    • Modified: Aug. 20, 2025
  • 7.8

    HIGH
    CVE-2025-5047

    A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t...

    • Published: Aug. 15, 2025
    • Modified: Aug. 20, 2025
  • 7.8

    HIGH
    CVE-2025-5046

    A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context...

    • Published: Aug. 15, 2025
    • Modified: Aug. 20, 2025
  • 5.4

    MEDIUM
    CVE-2025-55203

    Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and...

    Affected Products : plane
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
  • 7.5

    HIGH
    CVE-2025-54989

    Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. I...

    Affected Products : firebird
    • Published: Aug. 15, 2025
    • Modified: Aug. 22, 2025
  • 9.8

    CRITICAL
    CVE-2025-54466

    Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can explo...

    Affected Products : ofbiz
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2025-24975

    Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the...

    Affected Products : firebird
    • Published: Aug. 15, 2025
    • Modified: Aug. 22, 2025
Showing 20 of 290943 Results