Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-32917

    Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges.... Read more

    Affected Products : checkmk checkmk
    • Published: May. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-47783

    Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actio... Read more

    Affected Products : label_studio
    • Published: May. 14, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-2527

    Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request.... Read more

    Affected Products : mattermost_server
    • Published: May. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2022-1615

    In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.... Read more

    Affected Products : fedora samba
    • EPSS Score: %0.12
    • Published: Sep. 01, 2022
    • Modified: Aug. 22, 2025

  • 5.3

    MEDIUM
    CVE-2025-55626

    An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-1712

    Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files... Read more

    Affected Products : checkmk checkmk
    • Published: May. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2022-31807

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a malic... Read more

    • Published: May. 23, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2022-31812

    A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unau... Read more

    Affected Products : sipass_integrated
    • Published: May. 23, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-6124

    A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. This issue affects some unknown processing of the file /tablelow.php. The manipulation of the argument ID leads to sql injection. The attack may be initiate... Read more

    • Published: Jun. 16, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2025-5054

    Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crash... Read more

    Affected Products : ubuntu_linux apport
    • Published: May. 30, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Race Condition

  • 3.0

    LOW
    CVE-2021-25743

    kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.... Read more

    Affected Products : kubernetes
    • EPSS Score: %0.31
    • Published: Jan. 07, 2022
    • Modified: Aug. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-49575

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This im... Read more

    Affected Products : citizen
    • Published: Jun. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-49576

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbi... Read more

    Affected Products : citizen
    • Published: Jun. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49577

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in ... Read more

    Affected Products : citizen
    • Published: Jun. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49578

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This ... Read more

    Affected Products : citizen
    • Published: Jun. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49579

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into t... Read more

    Affected Products : citizen
    • Published: Jun. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-36041

    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than... Read more

    • Published: Jun. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-52576

    Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HT... Read more

    Affected Products : kanboard
    • Published: Jun. 25, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-55637

    Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-55634

    Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to cause a Denial of Service (DoS) via initiating a large number of simultane... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291589 Results