Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-55740

    nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration f... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-55737

    flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete req... Read more

    Affected Products : flaskblog
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-52337

    An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-51543

    An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-50926

    Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-43744

    A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-43743

    Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticate... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2025-2988

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.... Read more

    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-9154

    A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This manipulation of the argument email causes sql injection. The attack may be initiated remo... Read more

    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-9153

    A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The att... Read more

    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-55736

    flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges (e.g. delete users, posts, comments etc.). The problem is in the routes/adminPanelUsers file.... Read more

    Affected Products : flaskblog
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-55735

    flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe ... Read more

    Affected Products : flaskblog
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-55734

    flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when ... Read more

    Affected Products : flaskblog
    • Published: Aug. 19, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2025-55733

    DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any we... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-55306

    GenX_FX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could ... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-55303

    Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-52338

    An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-50891

    Adform Site Tracking 1.1 allows attackers to inject HTML or execute arbitrary code via cookie hijacking.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-43745

    A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.1... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-43737

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via _com_liferay_journal_web_po... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 19, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291891 Results