Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    CVSS31
    CVE-2024-7096

    A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * S... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 4.2

    CVSS31
    CVE-2025-2571

    Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google... Read more

    Affected Products : mattermost_server
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 3.7

    CVSS31
    CVE-2025-48946

    liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malf... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 3.1

    CVSS31
    CVE-2025-3611

    Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have... Read more

    Affected Products : mattermost_server
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 3.1

    CVSS31
    CVE-2025-1792

    Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels v... Read more

    Affected Products : mattermost_server
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 2.7

    CVSS31
    CVE-2025-5381

    A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: May. 31, 2025

  • 2.4

    CVSS31
    CVE-2025-5383

    A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scriptin... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: May. 31, 2025

  • 0.0

    NONE
    CVE-2025-48885

    application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user (even guests) can create these docs, even if they don't exist already. This can... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2025-48883

    Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. ... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2025-48938

    go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2024-13916

    An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ con... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2024-13915

    Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" (version name: 1.0, version code: 1) exposes a ”com... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2025-48948

    Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configur... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2025-48949

    Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2025-48882

    PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to X... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2023-26226

    A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682... Read more

    Affected Products : yandex_browser
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2024-13917

    An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious applic... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
Showing 20 of 97 Results
© cvefeed.io
Latest DB Update: Jun. 01, 2025 12:49