Latest CVE Feed

6.3 MEDIUM CVE-2025-8549
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requiremen...
- Affected Products: pybbs
- Published: Aug. 05, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authentication

9.1 CRITICAL CVE-2025-53882
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE mailman3 package allows the mailman user to send SIGHUP to arbitrary processes. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2....
- Affected Products:
- Published: Jul. 23, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization

6.9 MEDIUM CVE-2025-46809
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8...
- Affected Products:
- Published: Jul. 31, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Information Disclosure

8.1 HIGH CVE-2024-5657
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP....
- Affected Products: two-factor_authentication
- Published: Jun. 06, 2024
- Modified: Sep. 03, 2025

8.8 HIGH CVE-2024-51941
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injec...
- Affected Products: ambari
- Published: Jan. 21, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection

9.8 CRITICAL CVE-2025-46811
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: f...
- Affected Products:
- Published: Jul. 30, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authentication

6.5 MEDIUM CVE-2024-5658
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period....
- Affected Products: two-factor_authentication
- Published: Jun. 06, 2024
- Modified: Sep. 03, 2025

5.9 MEDIUM CVE-2025-8415
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to ...
- Affected Products:
- Published: Aug. 20, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Misconfiguration

7.8 HIGH CVE-2025-8941
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6...
- Published: Aug. 13, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Path Traversal

7.8 HIGH CVE-2025-6020
A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions....
- Published: Jun. 17, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Path Traversal

9.1 CRITICAL CVE-2024-27101
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where ...
- Affected Products: spicedb
- Published: Mar. 01, 2024
- Modified: Sep. 02, 2025

9.8 CRITICAL CVE-2025-26623
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affe...
- Affected Products: exiv2
- Published: Feb. 18, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption

10.0 CRITICAL CVE-2023-25574
`jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authe...
- Affected Products: lti_jupyterhub_authenticator
- Published: Feb. 25, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication

5.4 MEDIUM CVE-2025-1817
A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated r...
- Published: Mar. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting

9.8 CRITICAL CVE-2025-1843
A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The at...
- Affected Products: tmall_demo
- Published: Mar. 03, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection

9.8 CRITICAL CVE-2024-47092
Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1...
- Affected Products: check_mk_python_api
- Published: Mar. 03, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration

7.5 HIGH CVE-2024-57432
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it possible to fo...
- Affected Products: mall-tiny
- Published: Jan. 31, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication

9.8 CRITICAL CVE-2024-32491
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be execu...
- Affected Products: znuny
- Published: Apr. 29, 2024
- Modified: Sep. 02, 2025

7.1 HIGH CVE-2024-32492
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript....
- Affected Products: znuny
- Published: Apr. 29, 2024
- Modified: Sep. 02, 2025

8.8 HIGH CVE-2024-32493
An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request....
- Affected Products: znuny
- Published: Apr. 29, 2024
- Modified: Sep. 02, 2025