Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-32391

    HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by ex... Read more

    Affected Products : hedgedoc
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-32383

    MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the module of function library. The vulnerability allow... Read more

    Affected Products : maxkb
    • Published: Apr. 10, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-2469

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users.... Read more

    Affected Products : gitlab
    • Published: Apr. 10, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-29088

    In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may... Read more

    Affected Products : sqlite
    • Published: Apr. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-29017

    A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php.... Read more

    • Published: Apr. 10, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2023-43037

    IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation.... Read more

    Affected Products : maximo_application_suite
    • Published: Apr. 10, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2023-43035

    IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.... Read more

    • Published: Apr. 10, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2023-42007

    IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    • Published: Apr. 10, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-30148

    Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payl... Read more

    Affected Products : framework
    • Published: Apr. 10, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-2408

    An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information.... Read more

    Affected Products : gitlab
    • Published: Apr. 10, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-27813

    MSI Center before 2.0.52.0 has Missing PE Signature Validation.... Read more

    Affected Products : center
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-27812

    MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.... Read more

    Affected Products : center
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-25197

    Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content ... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-1677

    A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports.... Read more

    Affected Products : gitlab
    • Published: Apr. 10, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-11129

    An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the s... Read more

    Affected Products : gitlab
    • Published: Apr. 10, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-32755

    In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselv... Read more

    Affected Products : ssh-agent ssh-slave
    • Published: Apr. 10, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-32754

    In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert thems... Read more

    Affected Products : ssh-agent
    • Published: Apr. 10, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-1073

    Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-31411

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Aribhour Linet ERP-Woocommerce Integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.12.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-27350

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Vice Versa allows Reflected XSS.This issue affects Vice Versa: from n/a through 2.2.3.... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293496 Results