Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-34115

    DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.... Read more

    Affected Products : dataease dataease
    • Published: Jul. 22, 2022
    • Modified: Sep. 03, 2025

  • 9.8

    CRITICAL
    CVE-2025-57773

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writi... Read more

    Affected Products : dataease
    • Published: Aug. 25, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-8547

    A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as critical. This vulnerability affects unknown code of the component Email Verification Handler. The manipulation leads to improper authorization. The attack can be initiated remote... Read more

    Affected Products : pybbs
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-57772

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl ... Read more

    Affected Products : dataease
    • Published: Aug. 25, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-8548

    A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiController.java of the component Registered Email Handler. ... Read more

    Affected Products : pybbs
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-8549

    A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.java. The manipulation leads to weak password requiremen... Read more

    Affected Products : pybbs
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-53882

    A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE mailman3 package allows the mailman user to sent SIGHUP to arbitrary processes. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-46809

    A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2024-5657

    The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.... Read more

    Affected Products : two-factor_authentication
    • Published: Jun. 06, 2024
    • Modified: Sep. 03, 2025

  • 8.8

    HIGH
    CVE-2024-51941

    A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injec... Read more

    Affected Products : ambari
    • Published: Jan. 21, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-46811

    A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: f... Read more

    Affected Products :
    • Published: Jul. 30, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-5658

    The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.... Read more

    Affected Products : two-factor_authentication
    • Published: Jun. 06, 2024
    • Modified: Sep. 03, 2025

  • 5.9

    MEDIUM
    CVE-2025-8415

    A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to ... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-8941

    A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6... Read more

    • Published: Aug. 13, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-6020

    A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.... Read more

    • Published: Jun. 17, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2024-27101

    SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where ... Read more

    Affected Products : spicedb
    • Published: Mar. 01, 2024
    • Modified: Sep. 02, 2025

  • 9.8

    CRITICAL
    CVE-2025-26623

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affe... Read more

    Affected Products : exiv2
    • Published: Feb. 18, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2023-25574

    `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authe... Read more

    Affected Products : lti_jupyterhub_authenticator
    • Published: Feb. 25, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-1817

    A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated r... Read more

    Affected Products : tmall_demo mini-tmall
    • Published: Mar. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1843

    A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The at... Read more

    Affected Products : tmall_demo
    • Published: Mar. 03, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection
Showing 20 of 292811 Results