Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-10083

    A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed... Read more

    Affected Products : pet_grooming_management_software
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-10085

    A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is possible to launch the attack remote... Read more

    Affected Products : pet_grooming_management_software
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-10087

    A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be... Read more

    Affected Products : pet_grooming_management_software
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-10088

    A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotel... Read more

    Affected Products : personal_time_tracker
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-56630

    FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Column.php file.... Read more

    Affected Products : foxcms
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-32023

    Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `find_and_replace` function. This vulnerability is fixed in 23.1.5.... Read more

    Affected Products : kohya_ss
    • Published: Apr. 16, 2024
    • Modified: Sep. 08, 2025

  • 6.5

    MEDIUM
    CVE-2024-32024

    Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5.... Read more

    Affected Products : kohya_ss
    • Published: Apr. 16, 2024
    • Modified: Sep. 08, 2025

  • 8.8

    HIGH
    CVE-2025-8109

    Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.... Read more

    Affected Products : ddk
    • Published: Aug. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-58782

    Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 5.6

    MEDIUM
    CVE-2025-40929

    Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact... Read more

    Affected Products :
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-3212

    Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU memory processing operations to gain a... Read more

    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2024-32025

    Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.... Read more

    Affected Products : kohya_ss
    • Published: Apr. 16, 2024
    • Modified: Sep. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-32026

    Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `git_caption_gui.py`. This vulnerability is fixed in 23.1.5.... Read more

    Affected Products : kohya_ss
    • Published: Apr. 16, 2024
    • Modified: Sep. 08, 2025

  • 9.8

    CRITICAL
    CVE-2024-32027

    Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vulnerable to command injection in `finetune_gui.py` This vulnerability is fixed in 23.1.5.... Read more

    Affected Products : kohya_ss
    • Published: Apr. 16, 2024
    • Modified: Sep. 08, 2025

  • 5.4

    MEDIUM
    CVE-2024-34064

    Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a sep... Read more

    Affected Products : fedora jinja
    • Published: May. 06, 2024
    • Modified: Sep. 08, 2025

  • 8.8

    HIGH
    CVE-2025-34510

    Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted ... Read more

    • Published: Jun. 17, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-34509

    Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote at... Read more

    • Published: Jun. 17, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-8085

    The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.... Read more

    Affected Products : ditty
    • Published: Sep. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-56803

    Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_pr... Read more

    Affected Products : desktop
    • Published: Sep. 03, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Injection

  • 5.0

    MEDIUM
    CVE-2025-48562

    In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293350 Results