Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-24808

    Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The re... Read more

    Affected Products : discourse
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Race Condition

  • 7.2

    HIGH
    CVE-2024-28027

    Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H... Read more

    Affected Products : mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Aug. 26, 2025

  • 7.2

    HIGH
    CVE-2024-28026

    Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H... Read more

    Affected Products : mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Aug. 26, 2025

  • 7.2

    HIGH
    CVE-2024-28025

    Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated H... Read more

    Affected Products : mc_lr_router_firmware mc_lr_router
    • Published: Nov. 21, 2024
    • Modified: Aug. 26, 2025

  • 9.1

    CRITICAL
    CVE-2024-41259

    Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.... Read more

    Affected Products : navidrome
    • Published: Aug. 01, 2024
    • Modified: Aug. 26, 2025

  • 9.8

    CRITICAL
    CVE-2025-3199

    A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.java of t... Read more

    Affected Products : ruoyi-ai
    • Published: Apr. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 8.0

    HIGH
    CVE-2024-8068

    Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain... Read more

    Affected Products : session_recording
    • Actively Exploited
    • Published: Nov. 12, 2024
    • Modified: Aug. 26, 2025

  • 9.1

    CRITICAL
    CVE-2025-3202

    A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Affected is an unknown function of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysNoticeController.java. The manipulation leads... Read more

    Affected Products : ruoyi-ai
    • Published: Apr. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-32035

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the act... Read more

    Affected Products : dotnetnuke
    • Published: Apr. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-32036

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can be easil... Read more

    Affected Products : dotnetnuke dotnetnuke
    • Published: Apr. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-32371

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a ... Read more

    Affected Products : dotnetnuke dotnetnuke
    • Published: Apr. 09, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-32372

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET re... Read more

    Affected Products : dotnetnuke
    • Published: Apr. 09, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-32373

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. ... Read more

    Affected Products : dotnetnuke dotnetnuke
    • Published: Apr. 09, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-32374

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8.... Read more

    Affected Products : dotnetnuke
    • Published: Apr. 09, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 10.0

    HIGH
    CVE-2014-0754

    Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6... Read more

    • EPSS Score: %3.03
    • Published: Oct. 03, 2014
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2014-0753

    Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.... Read more

    Affected Products : integraxor
    • EPSS Score: %1.02
    • Published: Jan. 21, 2014
    • Modified: Aug. 26, 2025

  • 4.8

    MEDIUM
    CVE-2025-8066

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.This issue affects Bunker Web: 1.6.2.... Read more

    Affected Products : bunker_web
    • Published: Aug. 15, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-26498

    Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-26497

    Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2024-39923

    An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an ... Read more

    Affected Products :
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291890 Results