Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    CVSS31
    CVE-2025-29313

    Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS)....

    • Published: Mar. 24, 2025
    • Modified: Mar. 25, 2025
  • 5.4

    CVSS31
    CVE-2025-27809

    Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname....

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 9.8

    CVSS31
    CVE-2025-2682

    A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible...

    • Published: Mar. 24, 2025
    • Modified: Mar. 25, 2025
  • 8.8

    CVSS31
    CVE-2025-29635

    A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote com...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 8.1

    CVSS31
    CVE-2025-29314

    Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack....

    • Published: Mar. 24, 2025
    • Modified: Mar. 25, 2025
  • 8.2

    CVSS31
    CVE-2025-27147

    The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 ...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 6.5

    CVSS31
    CVE-2025-26742

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS. This issue affects Gallery for Social Photo: from n/a through 1.0.0.35....

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 3.5

    CVSS31
    CVE-2025-1452

    The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 3.5

    CVSS31
    CVE-2025-0717

    To exploit the vulnerability, it is necessary:...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 4.7

    CVSS31
    CVE-2024-9770

    The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 9.8

    CVSS31
    CVE-2024-42533

    SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter....

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 7.1

    CVSS31
    CVE-2024-13863

    The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 7.2

    CVSS31
    CVE-2024-13618

    The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs....

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 8.6

    CVSS31
    CVE-2024-13617

    The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 4.3

    CVSS31
    CVE-2025-2743

    A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manip...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 5.4

    CVSS31
    CVE-2025-2742

    A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 7.3

    CVSS31
    CVE-2025-2740

    A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/eligibility.php. The manipulation of the argument pagetitle leads to sql injection. It is possible t...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 8.8

    CVSS31
    CVE-2025-2732

    A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the com...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 8.8

    CVSS31
    CVE-2025-2731

    A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
  • 8.8

    CVSS31
    CVE-2025-2725

    A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POS...

    • Published: Mar. 25, 2025
    • Modified: Mar. 25, 2025
Latest DB Update: Mar. 25, 2025 19:14