Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2025-2215

    A vulnerability classified as critical was found in Doufox up to 0.2.0. Affected by this vulnerability is an unknown functionality of the file /?s=doudou&c=file&a=list. The manipulation of the argument dir leads to path traversal. The attack can be launch...

    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Path Traversal
  • 5.8

    MEDIUM
    CVE-2025-20144

    A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a sp...

    • Published: Mar. 12, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization
  • 5.8

    MEDIUM
    CVE-2025-20145

    A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incor...

    • Published: Mar. 12, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization
  • 5.8

    MEDIUM
    CVE-2025-29780

    Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the `feldman_vss` library contains timing side-channel vulnerabilities in its matr...

    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cryptography
  • 5.8

    MEDIUM
    CVE-2024-58103

    Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt....

    • Published: Mar. 16, 2025
    • Modified: Mar. 16, 2025
    • Vuln Type: Denial of Service
  • 5.8

    MEDIUM
    CVE-2025-2393

    A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/salut_del.php. The manipulation of the argument id leads to sql injection. It is ...

    • Published: Mar. 17, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection
  • 5.8

    MEDIUM
    CVE-2025-23382

    Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vu...

    Affected Products : secure_connect_gateway
    • Published: Mar. 19, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Information Disclosure
  • 5.8

    MEDIUM
    CVE-2025-0431

    Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslas...

    Affected Products : enterprise_protection
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Misconfiguration
  • 5.8

    MEDIUM
    CVE-2025-46746

    An administrator could discover another account's credentials....

    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure
  • 5.8

    MEDIUM
    CVE-2025-20022

    Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access....

    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure
  • 5.8

    MEDIUM
    CVE-2008-1248

    The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440....

    Affected Products : 320_sip_phone
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2025-53864

    Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the...

    Affected Products : nimbus_jose\+jwt
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service
  • 5.8

    MEDIUM
    CVE-2025-7575

    A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and classified as critical. Affected by this vulnerability is the function image_drop_upload_ajax/image_delete_ajax of the file submit.php. The manipulation leads to path traversal. The attack...

    Affected Products : wikidocs
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal
  • 5.8

    MEDIUM
    CVE-2025-27273

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winking Affiliate Links Manager allows Reflected XSS. This issue affects Affiliate Links Manager: from n/a through 1.0....

    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.8

    MEDIUM
    CVE-2025-31947

    Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Matterm...

    Affected Products : mattermost_server
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication
  • 5.8

    MEDIUM
    CVE-2025-4795

    A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to ini...

    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection
  • 5.8

    MEDIUM
    CVE-2008-1373

    Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484....

    Affected Products : cups
    • Published: Apr. 04, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2025-52967

    gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation....

    Affected Products : mlflow
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal
  • 5.8

    MEDIUM
    CVE-2025-3816

    A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can b...

    Affected Products : cicadascms
    • Published: Apr. 19, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Injection
  • 5.8

    MEDIUM
    CVE-2025-43716

    A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access controls and gain unauthorized access to various endpoints su...

    Affected Products : landesk_management_suite
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal
Showing 20 of 294846 Results