Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-22800

    Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through 2.9.11.... Read more

    Affected Products : post_smtp
    • Published: Jan. 13, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-22252

    A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin acco... Read more

    Affected Products : fortios fortiswitchmanager fortiproxy
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-54020

    A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.... Read more

    Affected Products : fortimanager
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-25029

    IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input.... Read more

    Affected Products : security_guardium
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-25026

    IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.... Read more

    Affected Products : security_guardium
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-25025

    IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more

    Affected Products : security_guardium
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-48485

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user up... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5371

    A vulnerability, which was classified as critical, has been found in SourceCodester Health Center Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin.php. The manipulation of the argument Use... Read more

    • Published: May. 31, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-32598

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4.... Read more

    Affected Products : wp_table_builder
    • Published: Apr. 11, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-30408

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938.... Read more

    • Published: Apr. 24, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 2.5

    LOW
    CVE-2024-55539

    Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185, Acronis Cyber Protect 16 (Linux) before build 39938.... Read more

    • Published: Dec. 23, 2024
    • Modified: Jun. 04, 2025

  • 7.8

    HIGH
    CVE-2023-48677

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378, Acronis Cyber Protect 16 (W... Read more

    • Published: Dec. 12, 2023
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2025-22777

    Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.19.3.... Read more

    Affected Products : givewp
    • Published: Jan. 13, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-37997

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() whic... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-37995

    In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37994

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing bef... Read more

    Affected Products : linux_kernel
    • Published: May. 29, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37992

    In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving pack... Read more

    Affected Products : linux_kernel
    • Published: May. 26, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-37991

    In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in the signal handler. Dave analyzed it, and it happens be... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-37990

    In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value.... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-37987

    In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents more than 1 command to be posted onto it at any one time... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292797 Results