Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.3

    CVSS31
    CVE-2025-46701

    Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 1...

    Affected Products : tomcat
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
  • 7.3

    CVSS31
    CVE-2025-45474

    maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings....

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
  • 7.3

    CVSS31
    CVE-2025-5365

    A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/patient-search.php. The manipulation of the argument searchdata leads to SQL injection. It is...

    Affected Products :
    • Published: May. 31, 2025
    • Modified: May. 31, 2025
  • 7.1

    CVSS31
    CVE-2025-2503

    An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user....

    Affected Products : pc_manager
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.8

    CVSS31
    CVE-2024-23589

    Due to an outdated hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.7

    CVSS30
    CVE-2025-41385

    An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a logged-in administrative user....

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.6

    CVSS31
    CVE-2025-4635

    A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user....

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2025-48943

    vLLM is an inference and serving engine for large language models (LLMs). Versions 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vu...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2025-4597

    The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and includ...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2025-48942

    vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with an invalid json_schema as a Guided Param kills the vLLM server. This vulnerability is similar to GHSA-...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2025-48944

    vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2024-49350

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...

    Affected Products : db2
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2024-42191

    HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content....

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2025-5142

    The Simple Page Access Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.31. This is due to missing nonce validation and capability checks in the settings save handler in the settings.ph...

    Affected Products : simple_page_access_restriction
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2025-48887

    vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0...

    Affected Products : vllm
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS30
    CVE-2025-47697

    Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user....

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2024-42190

    HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content....

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2025-1484

    A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited, an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a reque...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2025-48334

    Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Slider Pro: from n/a through 1.12. Affected action "woo_slide_pro_delete_slider"....

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
  • 6.5

    CVSS31
    CVE-2025-4633

    Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via the web portal...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
© cvefeed.io
Latest DB Update: May. 31, 2025 3:48