Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.0

    CRITICAL
    CVE-2022-30578

    The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful at...

    Affected Products : ebx_add-ons
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 4.7

    MEDIUM
    CVE-2022-29800

    A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to repla...

    Affected Products : windows_defender_for_endpoint
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2021-4297

    A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unkn...

    Affected Products : jobe
    • Published: Jan. 01, 2023
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2025-5032

    A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch...

    Affected Products : online_shopping_portal
    • Published: May. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 4.8

    MEDIUM
    CVE-2025-3160

    A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. T...

    Affected Products : assimp
    • Published: Apr. 03, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-4919

    An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 1...

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-4918

    An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2....

    Affected Products : firefox firefox_esr thunderbird
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-4837

    A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to sql injection. It is possi...

    Affected Products : student_project_allocation_system
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2023-50771

    Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks....

    • Published: Dec. 13, 2023
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2025-4836

    A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /deleteAgent.php. The manipulation of the argument agent_id leads to sql injec...

    Affected Products : life_insurance_management_system
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 9.0

    HIGH
    CVE-2024-4291

    A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer ...

    Affected Products : ac15_firmware a301_firmware a301
    • Published: Apr. 27, 2024
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2025-4806

    A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo. The manipulation of the argument I...

    Affected Products : stock_management_system
    • Published: May. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 8.0

    HIGH
    CVE-2025-25777

    Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authori...

    Affected Products : bus_ticket_booking_system
    • Published: Apr. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-45885

    PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries....

    Affected Products : vehicle_parking_management_system
    • Published: May. 09, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-4807

    A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate th...

    Affected Products : online_student_clearance_system
    • Published: May. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-4101

    The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in all versions up to, and including, 4.2.22. Thi...

    Affected Products : multivendorx
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2025-47931

    LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows a...

    Affected Products : librenms
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-4814

    A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_add.php. The manipulation of the argument Name leads to sql injec...

    Affected Products : sales_and_inventory_system
    • Published: May. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-32434

    PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loa...

    Affected Products : pytorch
    • Published: Apr. 18, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-4909

    A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated rem...

    • Published: May. 19, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293407 Results