Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-48889

    Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature ...

    Affected Products : gradio
    • Published: May. 30, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal
  • 8.3

    HIGH
    CVE-2025-48881

    Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 6.6

    MEDIUM
    CVE-2025-48490

    Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization
  • 8.6

    HIGH
    CVE-2025-41235

    Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies....

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2025-48484

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data...

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.3

    MEDIUM
    CVE-2025-48483

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitiz...

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-48482

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill() method, which processes fields such as channel and channel_id. However, the f...

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-48481

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash, can exploit this vulnerability to self-activate their account, despite it being blocked or del...

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication
  • 7.0

    HIGH
    CVE-2025-48480

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERM_EDIT_USERS can create a user, specifying the path to the user's avatar ../.htaccess dur...

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Path Traversal
  • 8.5

    HIGH
    CVE-2025-48479

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not correctly validate user input, enabling the deletion of any directory, given sufficient access rights. This issue has ...

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Path Traversal
  • 7.0

    HIGH
    CVE-2025-48478

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which ...

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication
  • 8.1

    HIGH
    CVE-2025-48477

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the funct...

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-48476

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to ...

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication
  • 2.7

    LOW
    CVE-2025-48491

    Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version....

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2025-48381

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, la...

    Affected Products : computer_vision_annotation_tool
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure
  • 2.3

    LOW
    CVE-2025-48068

    Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router ...

    Affected Products : next.js
    • Published: May. 30, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure
  • 2.9

    LOW
    CVE-2025-47952

    Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to ...

    Affected Products : traefik
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Path Traversal
  • 7.8

    HIGH
    CVE-2025-44906

    jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c....

    Affected Products : jhead
    • Published: May. 30, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-44905

    hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function....

    Affected Products : hdf5
    • Published: May. 30, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-44904

    hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function....

    Affected Products : hdf5
    • Published: May. 30, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291887 Results