Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8 (CRITICAL) CVE-2024-28421
    SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php...
    Affected Products: razor
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025
  • 5.4 (MEDIUM) CVE-2025-43861
    ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that sa...
    Affected Products: managewiki
    • Published: Apr. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3 (MEDIUM) CVE-2024-35176
    REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem...
    Affected Products: rexml
    • Published: May. 16, 2024
    • Modified: Sep. 19, 2025
  • 5.5 (MEDIUM) CVE-2024-35800
    In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel. Check if get_next_variable() is actually a valid pointer before calling it. In the kdump kernel this method is set to NULL, which causes a panic during the kexec-ed...
    Affected Products: linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025
  • 8.8 (HIGH) CVE-2024-12138
    A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to d...
    Affected Products: horilla
    • Published: Dec. 04, 2024
    • Modified: Sep. 19, 2025
  • 6.1 (MEDIUM) CVE-2025-47789
    Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external doma...
    Affected Products: horilla
    • Published: May. 15, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication
  • 6.1 (MEDIUM) CVE-2025-24025
    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the ...
    Affected Products: coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 10.0 (CRITICAL) CVE-2025-22612
    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plai...
    Affected Products: coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization
  • 9.9 (CRITICAL) CVE-2025-22611
    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team member's privileges to any role, ...
    Affected Products: coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization
  • 5.3 (MEDIUM) CVE-2024-21914
    A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or contr...
    Affected Products: factorytalk_view
    • Published: Mar. 25, 2024
    • Modified: Sep. 19, 2025
  • 6.5 (MEDIUM) CVE-2025-22610
    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exp...
    Affected Products: coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization
  • 8.8 (HIGH) CVE-2025-58756
    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in `model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True)` in monai/bundle/scripts.py, `weights_only=T...
    Affected Products: medical_open_network_for_ai
    • Published: Sep. 09, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication
  • 8.8 (HIGH) CVE-2025-58757
    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix a...
    Affected Products: medical_open_network_for_ai
    • Published: Sep. 09, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Injection
  • 8.8 (HIGH) CVE-2025-58755
    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function `zip_file.extractall(output_dir)` is used directly to process compressed files. It is used in many places in the project. In versions up to and including...
    Affected Products: medical_open_network_for_ai
    • Published: Sep. 09, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Path Traversal
  • 10.0 (CRITICAL) CVE-2025-22609
    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his ow...
    Affected Products: coolify
    • Published: Jan. 24, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization
  • 9.9 (CRITICAL) CVE-2025-55190
    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive...
    Affected Products: argo-cd, argo_cd
    • Published: Sep. 04, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization
  • 6.1 (MEDIUM) CVE-2019-25225
    `sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into...
    Affected Products: sanitize-html
    • Published: Sep. 08, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.2 (MEDIUM) CVE-2024-35799
    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream. [Why] Disabling stream encoder invokes a function that no longer exists. [How] Check if the function declaration is NULL in disable s...
    Affected Products: linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025
  • 0.0 (NA) CVE-2025-23160
    In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization. On Mediatek devices with a system companion processor (SCP) the mtk_scp structure has to be r...
    Affected Products: linux_kernel
    • Published: May. 01, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration
  • 0.0 (NA) CVE-2025-23143
    In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro [0] and waited a few seconds, I observed two LOCKDEP splats: a warning immediately followed by...
    Affected Products: linux_kernel
    • Published: May. 01, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 294796 Results