Latest CVE Feed

Below is the list of the latest published vulnerabilities. You can filter it by severity, by whether the vulnerability is actively exploited (listed in the CISA Known Exploited Vulnerabilities, or KEV, catalog), or by whether it is remotely exploitable, and you can sort it by published date, last-updated date, or CVSS score.
  • CVE-2025-29929 (CVSS 4.6, MEDIUM)

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing ar...

    Affected Products: tuleap
    • Published: Mar. 31, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Request Forgery
  • CVE-2025-30155 (CVSS 4.3, MEDIUM)

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tu...

    Affected Products: tuleap
    • Published: Mar. 31, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization
  • CVE-2025-30203 (CVSS 4.8, MEDIUM)

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over an used RSS fee...

    Affected Products: tuleap
    • Published: Mar. 31, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • CVE-2025-30209 (CVSS 5.3, MEDIUM)

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Com...

    Affected Products: tuleap
    • Published: Mar. 31, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization
  • CVE-2024-38865 (CVSS 8.8, HIGH)

    Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact g...

    Affected Products: checkmk
    • Published: Apr. 10, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection
  • CVE-2024-57176 (CVSS 7.6, HIGH)

    An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL.

    Affected Products: white-jotter
    • Published: Feb. 21, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal
  • CVE-2025-2245 (CVSS 6.9, MEDIUM)

    A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitiz...

    • Published: Apr. 04, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Server-Side Request Forgery
  • CVE-2025-55282 (CVSS 9.1, CRITICAL)

    aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a ...

    Affected Products: aiven-db-migrate
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization
  • CVE-2025-55283 (CVSS 9.1, CRITICAL)

    aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems ...

    Affected Products: aiven-db-migrate
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization
  • CVE-2025-51510 (CVSS 4.9, MEDIUM)

    MoonShine was discovered to contain a SQL injection vulnerability under the Blog -> Categories page when using the moonshine-tree-resource (version < 2.0.2) component.

    Affected Products: moonshine
    • Published: Aug. 19, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection
  • CVE-2025-53631 (CVSS 5.4, MEDIUM)

    flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post...

    Affected Products: flaskblog
    • Published: Aug. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • CVE-2025-55198 (CVSS 6.5, MEDIUM)

    Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuri...

    Affected Products: helm
    • Published: Aug. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Misconfiguration
  • CVE-2025-55199 (CVSS 6.5, MEDIUM)

    Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolv...

    Affected Products: helm
    • Published: Aug. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service
  • CVE-2025-31239 (CVSS 4.3, MEDIUM)

    A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may ...

    Affected Products: macos iphone_os tvos watchos ipados visionos
    • Published: May. 12, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption
  • CVE-2025-9017 (CVSS 6.1, MEDIUM)

    A vulnerability has been found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-foreigner-ticket.php. The manipulation of the argument visitorname leads to cross site scripting. The attack can be init...

    Affected Products: zoo_management_system
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • CVE-2025-27909 (CVSS 9.8, CRITICAL)

    IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.

    Affected Products: concert
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Misconfiguration
  • CVE-2025-54234 (CVSS 2.7, LOW)

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary re...

    Affected Products: coldfusion
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Server-Side Request Forgery
  • CVE-2025-54378 (CVSS 8.3, HIGH)

    HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and versions 11.0.8 and below of haxcms-php, API endpoints do not perform authorization checks when interacting with a resourc...

    Affected Products: haxcms-php haxcms-nodejs
    • Published: Jul. 26, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization
  • CVE-2025-8708 (CVSS 7.5, HIGH)

    A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration. The manipul...

    Affected Products: white-jotter
    • Published: Aug. 08, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Misconfiguration
  • CVE-2025-50179 (CVSS 4.6, MEDIUM)

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition...

    Affected Products: tuleap
    • Published: Jun. 25, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291562 Results