Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-12612

    The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and ... Read more

    Affected Products : school_management_system
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-49895

    Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2024-12575

    The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated atta... Read more

    Affected Products : poll_maker
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-55284

    Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe comm... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025

  • 7.3

    HIGH
    CVE-2025-55286

    z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-s... Read more

    Affected Products :
    • Published: Aug. 16, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2017-20199

    A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed f... Read more

    Affected Products : buttercup
    • Published: Aug. 16, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-52621

    HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning.  The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for ... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-52620

    HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-52619

    HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-52618

    HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 6.2

    MEDIUM
    CVE-2025-43201

    This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.... Read more

    Affected Products : music_classical
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-8959

    HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.... Read more

    Affected Products : go-getter retryablehttp
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-36088

    IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality p... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-43490

    A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 2.6

    LOW
    CVE-2025-55285

    @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly... Read more

    Affected Products : backstage
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-9060

    A vulnerability has been found in the  MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerabili... Read more

    Affected Products :
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-8996

    Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0.... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-8995

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4.... Read more

    Affected Products : authenticator_login
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-8675

    Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6.... Read more

    Affected Products : ai_seo_link_advisor
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-8362

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0.... Read more

    Affected Products : googletag_manager
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291617 Results