Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CVSS31
    CVE-2023-40714

    A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements... Read more

    Affected Products : fortisiem
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025

  • 9.9

    CVSS31
    CVE-2025-2945

    Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 9.8

    CVSS31
    CVE-2025-2005

    The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticate... Read more

    Affected Products : front_end_users
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025

  • 9.8

    CVSS31
    CVE-2025-29063

    An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly.... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 03, 2025

  • 9.8

    CVSS31
    CVE-2025-31161

    CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race c... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 9.8

    CVSS31
    CVE-2025-29085

    SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 03, 2025

  • 9.8

    CVSS31
    CVE-2025-29062

    An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice.... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 03, 2025

  • 9.3

    CVSS31
    CVE-2025-31911

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through 1.4.2.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 9.1

    CVSS31
    CVE-2024-38392

    Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code.... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 03, 2025

  • 9.1

    CVSS31
    CVE-2025-2946

    pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 9.0

    CVSS31
    CVE-2025-30406

    Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machin... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 04, 2025

  • 9.0

    CVSS31
    CVE-2025-22457

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 8.8

    CVSS31
    CVE-2025-29987

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to ... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 8.8

    CVSS31
    CVE-2025-30889

    Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider allows Object Injection. This issue affects Testimonial Slider: from n/a through 2.0.13.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 8.8

    CVSS31
    CVE-2025-3063

    The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This make... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025

  • 8.8

    CVSS31
    CVE-2025-22924

    OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php.... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 03, 2025

  • 8.8

    CVSS31
    CVE-2025-3161

    A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may b... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 8.8

    CVSS31
    CVE-2025-25000

    Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 8.8

    CVSS31
    CVE-2025-31722

    In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.... Read more

    Affected Products : templating_engine
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025

  • 8.8

    CVSS31
    CVE-2025-22923

    An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 03, 2025
Showing 20 of 286 Results
© cvefeed.io
Latest DB Update: Apr. 04, 2025 4:15