Latest CVE Feed
- 6.3 MEDIUM CVE-2024-57248
Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass ac...
- Affected Products: filevista
- Published: Feb. 07, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Path Traversal
- 7.1 HIGH CVE-2024-41656
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subs...
- Affected Products: sentry
- Published: Jul. 23, 2024
- Modified: Sep. 15, 2025
- 5.3 MEDIUM CVE-2024-53253
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret f...
- Affected Products: sentry
- Published: Nov. 22, 2024
- Modified: Sep. 15, 2025
- 7.5 HIGH CVE-2025-53099
Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code w...
- Affected Products: sentry
- Published: Jul. 01, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Race Condition
- 6.5 MEDIUM CVE-2024-57249
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Co...
- Affected Products: filevista
- Published: Feb. 07, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
- 7.3 HIGH CVE-2025-54911
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
- Affected Products: windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_server_2022, windows_11_22h2 (+8 more products)
- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- 7.5 HIGH CVE-2024-27354
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality ...
- Published: Mar. 01, 2024
- Modified: Sep. 15, 2025
- 9.8 CRITICAL CVE-2025-25221
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.
- Affected Products: luxcal_web_calendar
- Published: Feb. 18, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
- 9.8 CRITICAL CVE-2025-25222
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.
- Affected Products: luxcal_web_calendar
- Published: Feb. 18, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
- 6.3 MEDIUM CVE-2025-7099
A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument d...
- Affected Products: boyuncms
- Published: Jul. 07, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
- 9.8 CRITICAL CVE-2025-7100
A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. Th...
- Affected Products: boyuncms
- Published: Jul. 07, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
- 9.8 CRITICAL CVE-2025-7101
A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code in...
- Affected Products: boyuncms
- Published: Jul. 07, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
- 9.8 CRITICAL CVE-2025-7102
A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. The attack c...
- Affected Products: boyuncms
- Published: Jul. 07, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
- 7.5 HIGH CVE-2025-7103
A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. T...
- Affected Products: boyuncms
- Published: Jul. 07, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Server-Side Request Forgery
- 7.2 HIGH CVE-2024-22188
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed vers...
- Affected Products: typo3
- Published: Mar. 05, 2024
- Modified: Sep. 15, 2025
- 7.5 HIGH CVE-2024-27355
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeO...
- Published: Mar. 01, 2024
- Modified: Sep. 15, 2025
- 5.8 MEDIUM CVE-2025-25223
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
- Affected Products: luxcal_web_calendar
- Published: Feb. 18, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Path Traversal
- 7.2 HIGH CVE-2024-24323
SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component.
- Published: Feb. 27, 2024
- Modified: Sep. 15, 2025
- 7.5 HIGH CVE-2025-25224
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
- Affected Products: luxcal_web_calendar
- Published: Feb. 18, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
- 7.3 HIGH CVE-2024-32474
Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An...
- Affected Products: sentry
- Published: Apr. 18, 2024
- Modified: Sep. 15, 2025