Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 10.0

    CVSS31
    CVE-2025-32440

    NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.p...

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 9.8

    CVSS31
    CVE-2025-5246

    A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /hms/admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The...

    Affected Products : online_hospital_management_system
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 9.8

    CVSS31
    CVE-2025-22252

    A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin acco...

    Affected Products : fortios
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 9.8

    CVSS31
    CVE-2025-3357

    IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array....

    Affected Products : tivoli_monitoring
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 9.8

    CVSS31
    CVE-2025-45343

    An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route....

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 9.8

    CVSS31
    CVE-2025-5298

    A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to ...

    Affected Products : online_hospital_management_system
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 9.6

    CVSS31
    CVE-2025-5277

    aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system....

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 9.1

    CVSS31
    CVE-2025-48749

    Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data....

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 9.1

    CVSS31
    CVE-2025-27528

    Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Use...

    Affected Products : inlong
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 9.1

    CVSS31
    CVE-2025-3755

    Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service ...

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 29, 2025
  • 8.8

    CVSS31
    CVE-2025-4800

    The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authentica...

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 8.8

    CVSS31
    CVE-2025-5117

    The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐lev...

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 8.8

    CVSS31
    CVE-2025-48734

    Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. Howev...

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 8.8

    CVSS31
    CVE-2025-5280

    Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : chrome
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 8.8

    CVSS31
    CVE-2025-5063

    Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : chrome
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 8.6

    CVSS31
    CVE-2025-45997

    Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg....

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 8.4

    CVSS31
    CVE-2025-27700

    There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation....

    Affected Products : android
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 8.2

    CVSS31
    CVE-2025-48383

    Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access ...

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 7.8

    CVSS31
    CVE-2025-25251

    An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages....

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 7.8

    CVSS30
    CVE-2025-1753

    LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files` argument, which is directly passed into `os.system`. An attacker who controls the content of this argumen...

    Affected Products : llamaindex
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
Showing 20 of 135 Results
© cvefeed.io
Latest DB Update: May. 29, 2025 9:51