Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-47112

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-35941

    A password is exposed locally.... Read more

    Affected Products : mypro
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-0917

    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus alterin... Read more

    Affected Products : cognos_analytics
    • Published: Jun. 11, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-20675

    In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-33... Read more

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-47272

    The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g.... Read more

    Affected Products : ce_phoenix_cart
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-48958

    Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, cre... Read more

    Affected Products : froxlor
    • Published: Jun. 02, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-45655

    IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.... Read more

    Affected Products : application_gateway
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-20988

    Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.... Read more

    Affected Products :
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-48934

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables listed in the `--deny-env` option of the `deno run` command. When looking at the documentation of the `--d... Read more

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-48910

    Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2008-0709

    Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.... Read more

    • Published: Apr. 07, 2008
    • Modified: Apr. 09, 2025

  • 5.5

    MEDIUM
    CVE-2025-5699

    The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2023-21581

    Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vuln... Read more

    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-13505

    The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This make... Read more

    Affected Products : survey_maker
    • Published: Jan. 26, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-24814

    Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authenti... Read more

    Affected Products : solr
    • Published: Jan. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-54519

    The issue was resolved by sanitizing logging. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to read sensitive location information.... Read more

    Affected Products : macos
    • Published: Jan. 27, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-54549

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Jan. 27, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-24151

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or corrupt kernel memory.... Read more

    Affected Products : macos
    • Published: Jan. 27, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-23056

    A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary scrip... Read more

    Affected Products : fabric_composer
    • Published: Jan. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-23057

    A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary scrip... Read more

    Affected Products : fabric_composer
    • Published: Jan. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292811 Results