Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-47791

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not prote... Read more

    Affected Products : nextcloud_server notes
    • Published: May. 16, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.9

    CRITICAL
    CVE-2025-47949

    samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by... Read more

    Affected Products : samlify
    • Published: May. 19, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2025-47290

    containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The o... Read more

    Affected Products : containerd
    • Published: May. 20, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-47291

    containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, th... Read more

    Affected Products : containerd
    • Published: May. 21, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-29894

    An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the followin... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-29893

    An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the followin... Read more

    Affected Products : qsync_central
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-29890

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from ... Read more

    Affected Products : file_station
    • Published: Aug. 29, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2023-48620

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-48597

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-48573

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-48606

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-48582

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-48574

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-48558

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-48442

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2022-30686

    Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be exe... Read more

    Affected Products : experience_manager
    • Published: Sep. 16, 2022
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-48621

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-48586

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2023-48581

    Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Dec. 15, 2023
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2022-30682

    Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be exe... Read more

    Affected Products : experience_manager
    • Published: Sep. 16, 2022
    • Modified: Sep. 19, 2025
Showing 20 of 294824 Results