Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is known to be actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2025-7523 (CVSS 9.8, CRITICAL)

    A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may...

    Affected Products: jinher_oa
    • Published: Jul. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity
  • CVE-2025-6466 (CVSS 9.8, CRITICAL)

    A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.ja...

    Affected Products: ruoyi-ai
    • Published: Jun. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication
  • CVE-2025-22495 (CVSS 8.4, HIGH)

    An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been...

    • Published: Feb. 24, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication
  • CVE-2025-22491 (CVSS 6.7, MEDIUM)

    The user input was not sanitized on the Reporting Hierarchy Management page of the Foreseer Reporting Software (FRS) application, which could lead to execution of arbitrary JavaScript in a browser context for all the interacting users. This security issue has be...

    • Published: Feb. 28, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • CVE-2024-31416 (CVSS 6.5, MEDIUM)

    The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of th...

    • Published: Sep. 13, 2024
    • Modified: Aug. 26, 2025
  • CVE-2024-31415 (CVSS 8.1, HIGH)

    The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine...

    • Published: Sep. 13, 2024
    • Modified: Aug. 26, 2025
  • CVE-2024-52301 (CVSS 8.7, HIGH)

    Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulne...

    Affected Products: debian_linux framework
    • Published: Nov. 12, 2024
    • Modified: Aug. 26, 2025
  • CVE-2024-49765 (CVSS 9.1, CRITICAL)

    Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest...

    Affected Products: discourse
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025
  • CVE-2024-52589 (CVSS 2.7, LOW)

    Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to ...

    Affected Products: discourse
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025
  • CVE-2024-52794 (CVSS 6.8, MEDIUM)

    Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this v...

    Affected Products: discourse
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025
  • CVE-2024-53991 (CVSS 7.5, HIGH)

    Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored locally on disk. If an attacker knows the name of the D...

    Affected Products: discourse
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025
  • CVE-2024-56362 (CVSS 7.1, HIGH)

    Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the...

    Affected Products: navidrome
    • Published: Dec. 23, 2024
    • Modified: Aug. 26, 2025
  • CVE-2025-30353 (CVSS 8.6, HIGH)

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thr...

    Affected Products: directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure
  • CVE-2025-30352 (CVSS 5.3, MEDIUM)

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the `search` query parameter allows users with access to a collection to filter items based on fields they do n...

    Affected Products: directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • CVE-2025-30351 (CVSS 4.3, MEDIUM)

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happen...

    Affected Products: directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication
  • CVE-2025-24808 (CVSS 4.3, MEDIUM)

    Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The re...

    Affected Products: discourse
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Race Condition
  • CVE-2024-28027 (CVSS 7.2, HIGH)

    Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H...

    Affected Products: mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Aug. 26, 2025
  • CVE-2024-28026 (CVSS 7.2, HIGH)

    Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H...

    Affected Products: mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Aug. 26, 2025
  • CVE-2024-28025 (CVSS 7.2, HIGH)

    Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H...

    Affected Products: mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Aug. 26, 2025
  • CVE-2024-41259 (CVSS 9.1, CRITICAL)

    Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.

    Affected Products: navidrome
    • Published: Aug. 01, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 292110 Results