Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-46807

    A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4.... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2025-3260

    A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dash... Read more

    Affected Products : grafana
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-26396

    The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-1479

    An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.... Read more

    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-7073

    A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and ext... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.1

    LOW
    CVE-2025-49112

    setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.... Read more

    Affected Products : redis
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2024-48877

    A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger th... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-1440

    An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2024-12168

    Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-5404

    A vulnerability classified as problematic was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This vulnerability affects unknown code of the file /search.php of the component GET Parameter Handler. The manipulation of the a... Read more

    Affected Products :
    • Published: Jun. 01, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-5435

    A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The ex... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection

  • 2.6

    LOW
    CVE-2025-48938

    go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-4595

    The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and out... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4607

    The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forge... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-4631

    The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the save_object_as_user() function for objects wh... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-5290

    The Borderless – Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes ... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-5379

    A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded cr... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-5386

    A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-5389

    A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation lea... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-5401

    A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. ... Read more

    Affected Products :
    • Published: Jun. 01, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection
Showing 20 of 292758 Results