Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-12115

    The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function... Read more

    Affected Products : poll_maker
    • Published: Dec. 07, 2024
    • Modified: May. 28, 2025

  • 7.2

    HIGH
    CVE-2024-3600

    The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all vers... Read more

    Affected Products : poll_maker
    • Published: Apr. 19, 2024
    • Modified: May. 28, 2025

  • 6.1

    MEDIUM
    CVE-2023-49453

    Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php.... Read more

    Affected Products : dedecms racktables
    • Published: Mar. 12, 2024
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2023-41504

    SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function.... Read more

    Affected Products : student_enrollment
    • Published: Mar. 13, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-41505

    An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : student_enrollment
    • Published: Mar. 13, 2024
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2025-2847

    A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. Th... Read more

    Affected Products : gym_management_system
    • Published: Mar. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2151

    A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buff... Read more

    Affected Products : assimp
    • Published: Mar. 10, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-3395

    Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.... Read more

    Affected Products : automation_builder
    • Published: Apr. 30, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-3394

    Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0.... Read more

    Affected Products : automation_builder
    • Published: Apr. 30, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2024-51319

    A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp.... Read more

    Affected Products : ad_hoc_infinity
    • Published: Mar. 11, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-5186

    A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the ar... Read more

    Affected Products : jeesite
    • Published: May. 26, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.2

    CRITICAL
    CVE-2025-5124

    A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of defa... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2022-37265

    Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.... Read more

    Affected Products : steal
    • EPSS Score: %0.14
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2024-25734

    An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.... Read more

    Affected Products : apollo_vx20_firmware apollo_vx20
    • Published: Mar. 27, 2024
    • Modified: May. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-25735

    An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.... Read more

    Affected Products : apollo_vx20_firmware apollo_vx20
    • Published: Mar. 27, 2024
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2024-25736

    An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.... Read more

    Affected Products : apollo_vx20_firmware apollo_vx20
    • Published: Mar. 27, 2024
    • Modified: May. 28, 2025

  • 7.8

    HIGH
    CVE-2025-2308

    A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be app... Read more

    Affected Products : hdf5
    • Published: Mar. 14, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-2309

    A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to appro... Read more

    Affected Products : hdf5
    • Published: Mar. 14, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-2310

    A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The ex... Read more

    Affected Products : hdf5
    • Published: Mar. 14, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2024-25423

    An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file.... Read more

    Affected Products : cinema_4d
    • Published: Feb. 22, 2024
    • Modified: May. 28, 2025
Showing 20 of 291741 Results