Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.6

    HIGH
    CVE-2025-54254

    Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensi...

    • Published: Aug. 05, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: XML External Entity
  • 8.7

    HIGH
    CVE-2025-49557

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into v...

    Affected Products : magento commerce magento commerce_b2b
    • Published: Aug. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-46789

    Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access....

    Affected Products : zoom
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service
  • 5.9

    MEDIUM
    CVE-2025-52473

    liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is c...

    Affected Products : liboqs
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cryptography
  • 7.5

    HIGH
    CVE-2024-13200

    A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. ...

    Affected Products : springboot-blog
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-53642

    haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed...

    Affected Products : haxcms-php haxcms-nodejs
    • Published: Jul. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication
  • 7.2

    HIGH
    CVE-2024-13201

    A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attach...

    Affected Products : springboot-blog
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2024-13202

    A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Hand...

    Affected Products : springboot-blog
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-0333

    A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to SQL injection. It is possible to launch the attack remot...

    Affected Products : cy-fast
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-0334

    A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /sys/user/listData. The manipulation of the argument order leads to SQL injection. The attack can be laun...

    Affected Products : cy-fast
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-0344

    A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to SQL injection. The attack can be laun...

    Affected Products : cy-fast
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-0345

    A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to SQL injection. The attack may be launched remotely...

    Affected Products : cy-fast
    • Published: Jan. 09, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection
  • 8.7

    HIGH
    CVE-2024-45061

    A cross-site scripting (XSS) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code execution. An authenticated user would need to click a malicious...

    Affected Products : observium
    • Published: Jan. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.7

    HIGH
    CVE-2024-47002

    An HTML code injection vulnerability exists in the VLAN management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to injection of arbitrary HTML code. An authenticated user would need to click a malicious link provided by the attacker....

    Affected Products : observium
    • Published: Jan. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection
  • 4.3

    MEDIUM
    CVE-2025-22129

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.173624...

    Affected Products : tuleap
    • Published: Feb. 03, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure
  • 8.7

    HIGH
    CVE-2024-47140

    A cross-site scripting (XSS) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code execution. An authenticated user would need to click a malicious link provid...

    Affected Products : observium
    • Published: Jan. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2024-52599

    Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability t...

    Affected Products : tuleap
    • Published: Dec. 09, 2024
    • Modified: Aug. 22, 2025
  • 7.5

    HIGH
    CVE-2025-36512

    A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database inst...

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-36520

    A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. Specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerab...

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-46354

    A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service. An attacker can send a malicious packet to trigger th...

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291562 Results