Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2025-48064

    GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-48063

    XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as ... Read more

    Affected Products : xwiki
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-48060

    jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As... Read more

    Affected Products : jq
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-47291

    containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, th... Read more

    Affected Products : containerd
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-46822

    OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. ... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Path Traversal

  • 5.7

    MEDIUM
    CVE-2025-2102

    Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5032

    A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch... Read more

    Affected Products : online_shopping_portal
    • Published: May. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 3.1

    LOW
    CVE-2025-5031

    A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-5030

    A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os comm... Read more

    Affected Products : killwxapkg
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-4416

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2.... Read more

    Affected Products : events_log_track
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-4415

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2.... Read more

    Affected Products : piwik_pro
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-48012

    Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.... Read more

    Affected Products : one_time_password
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-48011

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.... Read more

    Affected Products : one_time_password
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-48010

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.... Read more

    Affected Products : one_time_password
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-48009

    Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12.... Read more

    Affected Products : single_content_sync
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-45754

    A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name.... Read more

    Affected Products : seeddms
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-25539

    Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu.... Read more

    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-20267

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insu... Read more

    Affected Products : identity_services_engine
    • Published: May. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-20258

    A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could... Read more

    • Published: May. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-20257

    A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate al... Read more

    Affected Products : secure_network_analytics
    • Published: May. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authorization
Showing 20 of 293497 Results