Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-47939

    TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a w... Read more

    Affected Products : typo3
    • Published: May. 20, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-47940

    TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalat... Read more

    Affected Products : typo3
    • Published: May. 20, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-47941

    TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due t... Read more

    Affected Products : typo3
    • Published: May. 20, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2024-42486

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI c... Read more

    Affected Products : cilium
    • Published: Aug. 16, 2024
    • Modified: Sep. 03, 2025

  • 5.8

    MEDIUM
    CVE-2024-52529

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a sp... Read more

    Affected Products : cilium
    • Published: Nov. 25, 2024
    • Modified: Sep. 03, 2025

  • 5.3

    MEDIUM
    CVE-2025-23028

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is... Read more

    Affected Products : cilium
    • Published: Jan. 22, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-23047

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default `Access-Control-Allow-Origin` header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 thro... Read more

    Affected Products : cilium
    • Published: Jan. 22, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2025-32793

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that ori... Read more

    Affected Products : cilium
    • Published: Apr. 21, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Race Condition

  • 6.0

    MEDIUM
    CVE-2025-4876

    ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations witho... Read more

    Affected Products : risk_assessment
    • Published: May. 19, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2022-49493

    In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and delete t... Read more

    Affected Products : linux_kernel
    • Published: Feb. 26, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-32387

    Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has b... Read more

    Affected Products : helm
    • Published: Apr. 09, 2025
    • Modified: Sep. 03, 2025

  • 6.5

    MEDIUM
    CVE-2025-32386

    Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted ca... Read more

    Affected Products : helm
    • Published: Apr. 09, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-9742

    A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass leads to sql injection. It is possible to launch the attac... Read more

    • Published: Aug. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9743

    A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Impacted is an unknown function of the file login_attendance2.php. Performing manipulation of the argument employee_id/date results in sql injection. The attack can... Read more

    • Published: Aug. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-9433

    A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation of the argument Name results in cross site scripting. The attack may be in... Read more

    Affected Products : mblog
    • Published: Aug. 26, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-9461

    A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argume... Read more

    Affected Products : bbs
    • Published: Aug. 26, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-1139

    IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment.... Read more

    Affected Products : edge_application_manager
    • Published: Aug. 20, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-1142

    IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    Affected Products : edge_application_manager
    • Published: Aug. 20, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.3

    HIGH
    CVE-2025-8612

    AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to ex... Read more

    Affected Products : backupper_workstation
    • Published: Aug. 20, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-53547

    Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are c... Read more

    Affected Products : helm
    • Published: Jul. 08, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292846 Results