Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-5302

    A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to ... Read more

    Affected Products : llamaindex
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2025-55301

    The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-9048

    The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the del_img_ajax_call() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attacke... Read more

    Affected Products :
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 9.6

    CRITICAL
    CVE-2025-26496

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-43770

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through up... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-43768

    Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions t... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-9416

    A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. The attack may be performed from... Read more

    Affected Products : samarium
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-9386

    A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The ... Read more

    Affected Products : tcpreplay
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-52451

    Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-9399

    A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The expl... Read more

    Affected Products : yifang
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-9410

    A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-9409

    A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversa... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-57802

    Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data).... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-7821

    The WC Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pluswc_logo_favicon_logo_base' AJAX action in all versions up to, and including, 1.2.0. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-3478

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5821

    The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_logi... Read more

    Affected Products :
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-5352

    A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTM... Read more

    Affected Products : lunary
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-5060

    The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.0. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_ca... Read more

    Affected Products :
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-43766

    The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload of unrestricted files in the style books compone... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-5514

    Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and preve... Read more

    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Denial of Service
Showing 20 of 3928 Results