Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-26396

    The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-1479

    An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.... Read more

    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-7073

    A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and ext... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.1

    LOW
    CVE-2025-49112

    setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.... Read more

    Affected Products : redis
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2024-48877

    A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger th... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-1440

    An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2024-12168

    Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-5404

    A vulnerability classified as problematic was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This vulnerability affects unknown code of the file /search.php of the component GET Parameter Handler. The manipulation of the a... Read more

    Affected Products :
    • Published: Jun. 01, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-5435

    A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The ex... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection

  • 2.6

    LOW
    CVE-2025-48938

    go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-4595

    The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and out... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4607

    The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forge... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-4631

    The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the save_object_as_user() function for objects wh... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-5290

    The Borderless – Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes ... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-5379

    A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded cr... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-5401

    A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. ... Read more

    Affected Products :
    • Published: Jun. 01, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5402

    A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/edit_post.php of the component GET Paramete... Read more

    Affected Products :
    • Published: Jun. 01, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5409

    A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper acces... Read more

    Affected Products :
    • Published: Jun. 01, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-5410

    A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request ... Read more

    Affected Products :
    • Published: Jun. 01, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.5

    HIGH
    CVE-2024-11857

    Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subseque... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293568 Results