Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-5078

    A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Performing manipulation of the argument Category results in sql injection. The attack is possible to be ca... Read more

    Affected Products : online_shopping_portal
    • Published: May. 22, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-54988

    Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sen... Read more

    Affected Products : tika
    • Published: Aug. 20, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: XML External Entity

  • 7.8

    HIGH
    CVE-2024-7738

    A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking l... Read more

    Affected Products : markdown_pdf
    • Published: Aug. 13, 2024
    • Modified: Sep. 02, 2025

  • 6.9

    MEDIUM
    CVE-2024-7739

    A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclose... Read more

    Affected Products : markdown_pdf
    • Published: Aug. 13, 2024
    • Modified: Sep. 02, 2025

  • 3.3

    LOW
    CVE-2024-44271

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator.... Read more

    Affected Products : macos
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-54554

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-54568

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination.... Read more

    Affected Products : macos
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43187

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. Running an hdiutil command may unexpectedly execute arbitrary code.... Read more

    Affected Products : macos
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2025-43255

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Sequoia 15.6, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.... Read more

    Affected Products : macos
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43268

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges.... Read more

    Affected Products : macos
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-43284

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to cause unexpected system termination.... Read more

    Affected Products : macos
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2025-3576

    A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions... Read more

    • Published: Apr. 15, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cryptography

  • 8.5

    HIGH
    CVE-2025-8067

    A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of thi... Read more

    Affected Products : enterprise_linux libssh
    • Published: Aug. 28, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-4373

    A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.... Read more

    • Published: May. 06, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-55622

    Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience.... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-7969

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-... Read more

    Affected Products : markdown-it
    • Published: Aug. 21, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-27696

    Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to ver... Read more

    Affected Products : superset
    • Published: May. 13, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-7221

    A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. This affects an unknown part of the file /admin/manage_user.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. ... Read more

    • Published: Jul. 30, 2024
    • Modified: Sep. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-7220

    A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/print_barcode.php. The manipulation of the argument tbl results in sql injection. It is possibl... Read more

    • Published: Jul. 30, 2024
    • Modified: Sep. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-7219

    A vulnerability has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql inject... Read more

    • Published: Jul. 30, 2024
    • Modified: Sep. 01, 2025
Showing 20 of 293505 Results