Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-8706

    A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /CommonSolution/CreateFunctionLog of the component Energy O... Read more

    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-8739

    A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack ma... Read more

    Affected Products : my-blog my-blog
    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-8705

    A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetConfig of the component Energy Overview Module. The manipul... Read more

    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8704

    A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEAS_AlarmResult/GetAlarmResultProcessList of the component Analys... Read more

    • Published: Aug. 08, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-8787

    A vulnerability has been found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /registros-de-conteudos-por-disciplina/ of the component Registro das atividades. The m... Read more

    Affected Products : i-diario
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-8788

    A vulnerability was found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /planos-de-aula-por-areas-de-conhecimento/ of the component Informações adicionais. The manipulati... Read more

    Affected Products : i-diario
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-8791

    A vulnerability was found in LitmusChaos Litmus up to 3.19.0. It has been rated as critical. This issue affects some unknown processing of the file /auth/list_projects. The manipulation of the argument role leads to improper authorization. The attack may ... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-6193

    A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a mal... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-3470

    An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key ... Read more

    Affected Products : enterprise_server
    • Published: Apr. 19, 2024
    • Modified: Sep. 02, 2025

  • 8.0

    HIGH
    CVE-2024-3646

    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulner... Read more

    Affected Products : enterprise_server
    • Published: Apr. 19, 2024
    • Modified: Sep. 02, 2025

  • 7.5

    HIGH
    CVE-2025-32873

    An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of... Read more

    Affected Products : django
    • Published: May. 08, 2025
    • Modified: Sep. 02, 2025

  • 8.0

    HIGH
    CVE-2024-3684

    A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storag... Read more

    Affected Products : enterprise_server
    • Published: Apr. 19, 2024
    • Modified: Sep. 02, 2025

  • 5.9

    MEDIUM
    CVE-2024-2440

    A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions... Read more

    Affected Products : enterprise_server
    • Published: Apr. 19, 2024
    • Modified: Sep. 02, 2025

  • 5.3

    MEDIUM
    CVE-2025-8792

    A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security. It is possible to launch the attack remotely. The expl... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-8793

    A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to improper control of resource identifiers. The attack ca... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-8794

    A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to author... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-8795

    A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is possible to initiate... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-8796

    A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID ... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-8797

    A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. T... Read more

    Affected Products : litmus
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-8812

    A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the... Read more

    Affected Products : pybbs
    • Published: Aug. 10, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292870 Results