Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA Known Exploited Vulnerabilities catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-8995

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.4.... Read more

    Affected Products : authenticator_login
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-8675

    Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery. This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6.... Read more

    Affected Products : ai_seo_link_advisor
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Server-Side Request Forgery
  • 7.5

    HIGH
    CVE-2025-53817

    7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix for the iss... Read more

    Affected Products : 7-zip
    • Published: Jul. 17, 2025
    • Modified: Aug. 21, 2025
  • 7.5

    HIGH
    CVE-2025-53816

    7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.... Read more

    Affected Products : 7-zip
    • Published: Jul. 17, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-42490

    authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this are /api/v3/crypto/certificatekeypairs/<uuid>/view_certificate/, /api/v3/cr... Read more

    Affected Products : authentik
    • Published: Aug. 22, 2024
    • Modified: Aug. 21, 2025
  • 9.0

    CRITICAL
    CVE-2024-47070

    authentik is an open-source identity provider. A vulnerability that exists in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login by adding X-Forwarded-For header with an unparsable IP address, e.g. `a`. This results in a possibility o... Read more

    Affected Products : authentik
    • Published: Sep. 27, 2024
    • Modified: Aug. 21, 2025
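The entry above says a malformed X-Forwarded-For value (`a`) lets a client skip password login. The added example below is not authentik's code; it is a constructed illustration of how that class of bug typically arises: the address parser swallows the error and the caller treats "no address" as "no reason to demand a password". The trusted proxy address, the passwordless network and the policy itself are assumptions made for the demo.

```python
import ipaddress
from typing import Optional, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed stand-ins: the reverse proxies allowed to set X-Forwarded-For,
# and a network whose clients the hypothetical policy lets skip the password
# stage. Neither value comes from authentik.
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}
PASSWORDLESS_NET = ipaddress.ip_network("10.0.0.0/8")


def _forwarded_client(headers: dict, remote_addr: str) -> str:
    """Return the textual client address the request claims to come from.

    X-Forwarded-For is honoured only when the TCP peer is one of our own
    proxies; from anyone else the header is attacker-controlled and ignored.
    A proxy appends the real client as the last hop, so the last entry is
    the one it wrote; everything to its left was supplied by the client.
    """
    xff = headers.get("X-Forwarded-For", "")
    if xff and ipaddress.ip_address(remote_addr) in TRUSTED_PROXIES:
        return xff.split(",")[-1].strip()
    return remote_addr


def client_ip_fail_open(headers: dict, remote_addr: str) -> Optional[IPAddr]:
    """Swallows the parse error: garbage such as 'a' comes back as None."""
    try:
        return ipaddress.ip_address(_forwarded_client(headers, remote_addr))
    except ValueError:
        return None


def password_required_fail_open(headers: dict, remote_addr: str) -> bool:
    ip = client_ip_fail_open(headers, remote_addr)
    # The membership test only runs for a real address; for None the function
    # falls through to "no password needed". That is the fail-open defect.
    if ip is not None and ip not in PASSWORDLESS_NET:
        return True
    return False


def password_required_fail_closed(headers: dict, remote_addr: str) -> bool:
    """Any address we cannot parse gets the most demanding path."""
    try:
        ip = ipaddress.ip_address(_forwarded_client(headers, remote_addr))
    except ValueError:
        return True
    return ip not in PASSWORDLESS_NET
```

Beyond failing closed on the parse, two details carry most of the weight: the header is only meaningful when the TCP peer is a proxy you operate, and the entry to trust is the one that proxy appended, not the first one in the list.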
  • 6.5

    MEDIUM
    CVE-2024-47077

    authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an ... Read more

    Affected Products : authentik
    • Published: Sep. 27, 2024
    • Modified: Aug. 21, 2025
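To show what the first half of that entry describes, here is an added example (not authentik's code, and far simpler than a real OIDC provider): an HMAC-signed bearer token that carries an `aud` claim naming the one proxy provider it was minted for, next to a verifier that checks only the signature and expiry. A provider that verifies the second way accepts a token minted for a different application. The key, claim names and token layout are assumptions made for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key: bytes, sub: str, aud: str, now: int, ttl: int = 300) -> str:
    """Mint `payload.signature`; `aud` names the single provider the token is for."""
    claims = {"sub": sub, "aud": aud, "exp": now + ttl}
    payload = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest())
    return f"{payload}.{sig}"


def verify_signature_only(key: bytes, token: str, now: int) -> Optional[dict]:
    """The weak check: a genuine, unexpired token is all it asks for.

    Because every provider shares the issuer's key, a token minted for app A
    passes here at app B as well, which is the impersonation the entry describes.
    """
    try:
        payload, sig = token.split(".", 1)
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:  # bad base64, bad JSON, wrong shape
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


def verify_for_provider(key: bytes, token: str, provider_id: str, now: int) -> Optional[dict]:
    """Hardened check: the token must have been issued for *this* provider."""
    claims = verify_signature_only(key, token, now)
    if claims is None or claims.get("aud") != provider_id:
        return None
    return claims
```

The fix is the single `aud` comparison; the signature proves who minted the token, not whom it was minted for.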
  • 7.5

    HIGH
    CVE-2025-33090

    IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption.... Read more

    Affected Products : concert
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2025-36120

    IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.... Read more

    Affected Products : storage_virtualize
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization
  • 7.2

    HIGH
    CVE-2024-52287

    authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.... Read more

    Affected Products : authentik
    • Published: Nov. 21, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-52289

    authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as... Read more

    Affected Products : authentik
    • Published: Nov. 21, 2024
    • Modified: Aug. 21, 2025
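Both authentik entries above concern token-endpoint input that should have been checked against provider configuration: the requested scopes (CVE-2024-52287) and the redirect_uri (CVE-2024-52289). The added example below is not authentik's code; it puts a regex-based redirect check next to an exact-match one, refuses to "learn" a redirect_uri when none is configured, and adds a scope allow-list. The patterns, hosts and scope names are constructed for the demo.

```python
import re
from typing import List, Optional, Set


def redirect_uri_allowed_by_regex(configured: List[str], presented: str) -> bool:
    """Pattern match as the entry describes: each configured value is a regex.

    An unescaped '.' matches any character, so a look-alike host such as
    appXexample.com satisfies the pattern written for app.example.com.
    """
    return any(re.fullmatch(pattern, presented) for pattern in configured)


def redirect_uri_allowed_strict(configured: List[str], presented: str) -> bool:
    """Exact-string allow-list.

    An empty list allows nothing: the first redirect_uri a client sends is
    never adopted as policy. Fragments are rejected per RFC 6749 section 3.1.2.
    """
    if not configured or "#" in presented:
        return False
    return presented in configured


def granted_scopes(requested: Set[str], configured: Set[str]) -> Optional[Set[str]]:
    """Return the scopes to place in the token, or None to reject the request
    (RFC 6749 invalid_scope). Scopes the provider never configured are not
    echoed back to the client just because the client asked for them."""
    if not requested <= configured:
        return None
    return set(requested)
```

Whether an unknown scope should fail the whole request (as here) or be silently dropped is a policy choice; what must not happen is the requested set being copied into the token untouched.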
  • 6.3

    MEDIUM
    CVE-2024-52307

    authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRET_KEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prom... Read more

    Affected Products : authentik
    • Published: Nov. 21, 2024
    • Modified: Aug. 21, 2025
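The entry above says the secret protecting /-/metrics/ was compared with a non-constant-time operation, which makes a byte-by-byte brute force feasible. The added example is not authentik's code: it models an early-exit comparison whose observable cost is the number of bytes examined (a deterministic stand-in for wall-clock time), runs the recovery against that oracle, and shows the constant-time replacement. SECRET_KEY and the oracle are constructed for the demo; a real attack measures response latency over many samples instead of reading a counter.

```python
import hmac
from typing import Callable, Tuple

SECRET_KEY = b"s3cr3t-k3y-9f2a"  # constructed; contains no NUL byte, which the padding below relies on

Observation = Tuple[bool, int]  # (authorised, bytes examined)


def naive_equal(presented: bytes, secret: bytes) -> Observation:
    """Early-exit comparison, the shape of a plain `==` on bytes or str.

    The second value is how many bytes were inspected before returning; in
    the real endpoint that difference shows up as response time.
    """
    if len(presented) != len(secret):
        return False, 0
    examined = 0
    for a, b in zip(presented, secret):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def leaky_endpoint(presented: bytes) -> Observation:
    """What an attacker observes per request: the verdict plus timing."""
    return naive_equal(presented, SECRET_KEY)


Oracle = Callable[[bytes], Observation]


def recover_length(oracle: Oracle, max_len: int = 64) -> int:
    # A wrong-length guess returns before examining a single byte.
    for n in range(1, max_len + 1):
        if oracle(b"\x00" * n)[1] > 0:
            return n
    raise ValueError("secret longer than max_len")


def recover_secret(oracle: Oracle, length: int) -> bytes:
    """Byte at a time: the candidate that keeps the comparison running
    longest is the right byte. Tuples order (authorised, examined) first by
    the verdict, so at the final position the fully correct guess wins."""
    known = b""
    for pos in range(length):
        pad = b"\x00" * (length - pos - 1)
        best = max(range(256), key=lambda c: oracle(known + bytes([c]) + pad))
        known += bytes([best])
    return known


def authorized(presented: bytes, secret: bytes) -> bool:
    """Constant-time check: compare_digest does not stop at the first mismatch.

    It still reveals whether the lengths differ, which does not matter for a
    fixed-length secret; hash both sides first if it ever would.
    """
    return hmac.compare_digest(presented, secret)
```

The recovery needs at most 256 guesses per byte instead of 256 to the power of the length, which is why a non-constant-time check on a secret that gates an endpoint is a real weakness and not a theoretical one.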
  • 7.5

    HIGH
    CVE-2025-33100

    IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.... Read more

    Affected Products : concert
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cryptography
  • 6.5

    MEDIUM
    CVE-2022-24599

    In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to ... Read more

    • EPSS Score: 0.18%
    • Published: Feb. 24, 2022
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-9052

    A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack remotely. The expl... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-9053

    A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. ... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection
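The two projectworlds entries above come down to the same defect: a request argument (`s1`, `t1`) spliced into an SQL statement. The added example below is not the application's PHP; it is a constructed Python/sqlite3 model with a hypothetical `packages` table, showing what one `s1` payload does to a string-built UPDATE and to a parameterised one.

```python
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Hypothetical schema and rows; the entry does not describe the real tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packages (id INTEGER PRIMARY KEY, name TEXT, price INTEGER)")
    conn.executemany(
        "INSERT INTO packages (id, name, price) VALUES (?, ?, ?)",
        [(1, "Goa weekend", 450), (2, "Kerala backwaters", 800), (3, "Ladakh trek", 1200)],
    )
    conn.commit()
    return conn


def update_package_vulnerable(conn: sqlite3.Connection, package_id: int, s1: str) -> None:
    """Query built by string formatting: `s1` is pasted into the SQL unchanged."""
    conn.execute(f"UPDATE packages SET name = '{s1}' WHERE id = {int(package_id)}")
    conn.commit()


def update_package_safe(conn: sqlite3.Connection, package_id: int, s1: str) -> None:
    """Parameterised: `s1` is bound as a value and never parsed as SQL."""
    conn.execute("UPDATE packages SET name = ? WHERE id = ?", (s1, package_id))
    conn.commit()


# Constructed payload: closes the string literal, adds a second assignment,
# widens the WHERE clause to every row and comments out the rest of the statement.
PAYLOAD = "x', price = 0 WHERE 1=1 --"


def prices(conn: sqlite3.Connection) -> List[int]:
    return [row[0] for row in conn.execute("SELECT price FROM packages ORDER BY id")]


def name_of(conn: sqlite3.Connection, package_id: int) -> str:
    return conn.execute("SELECT name FROM packages WHERE id = ?", (package_id,)).fetchone()[0]
```

With the vulnerable function the statement that reaches the database is `UPDATE packages SET name = 'x', price = 0 WHERE 1=1 --' WHERE id = 1`, so every row is rewritten; with the parameterised one the same payload is stored verbatim as a name and no other row changes.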
  • 7.6

    HIGH
    CVE-2025-29461

    An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path.... Read more

    Affected Products : a-blog_cms a-blogcms
    • Published: Apr. 17, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-54466

    Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can explo... Read more

    Affected Products : ofbiz
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection
  • 4.9

    MEDIUM
    CVE-2025-31988

    HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.... Read more

    Affected Products : digital_experience
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.6

    HIGH
    CVE-2025-8092

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.16.... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291520 Results