Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-6809

    The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.... Read more

    Affected Products : simple_video_directory
    • Published: May. 15, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-9227

    The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html... Read more

    Affected Products : powerpress
    • Published: May. 15, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-3945

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2... Read more

    • Published: May. 22, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-5200

    A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-boun... Read more

    Affected Products : assimp
    • Published: May. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-5201

    A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-b... Read more

    Affected Products : assimp
    • Published: May. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-5202

    A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function HL1MDLLoader::validate_header of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The mani... Read more

    Affected Products : assimp
    • Published: May. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-5203

    A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Loc... Read more

    Affected Products : assimp
    • Published: May. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-5204

    A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of... Read more

    Affected Products : assimp
    • Published: May. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2025-4517

    Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract(... Read more

    Affected Products : python
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-4330

    Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar arch... Read more

    Affected Products : python
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-4138

    Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar arch... Read more

    Affected Products : python
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2023-6347

    Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Nov. 29, 2023
    • Modified: Jun. 05, 2025

  • 8.8

    HIGH
    CVE-2023-48951

    An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.... Read more

    Affected Products : virtuoso
    • Published: Nov. 29, 2023
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-48802

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Nov. 30, 2023
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-45481

    Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Nov. 29, 2023
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-42541

    Remote code execution... Read more

    Affected Products : android
    • Published: Nov. 29, 2023
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-5205

    A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Affected is an unknown function of the file /dcwr_entry.php. The manipulation of the argument Date leads to sql injection. It is possible to l... Read more

    • Published: May. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5206

    A vulnerability classified as critical was found in Pixelimity 1.0. Affected by this vulnerability is an unknown functionality of the file /install/index.php of the component Installation. The manipulation of the argument site_description leads to sql inj... Read more

    Affected Products : pixelimity
    • Published: May. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5207

    A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadmin_update_profile.php. The manipulation of the argument ni... Read more

    • Published: May. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5208

    A vulnerability, which was classified as critical, was found in SourceCodester Online Hospital Management System 1.0. This affects an unknown part of the file /admin/check_availability.php. The manipulation of the argument emailid leads to sql injection. ... Read more

    • Published: May. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
Showing 20 of 292792 Results