Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-47928

    Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by the checking out the head.sha of a forked PR can be exploited ... Read more

    Affected Products : spotipy
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-47789

    Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external doma... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-4211

    Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulner... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-4747

    A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The attack may be... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2025-46834

    Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys (scoped external... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-2305

    A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Path Traversal

  • 2.0

    LOW
    CVE-2025-40632

    Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-26152

    ### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) tag, ... Read more

    Affected Products : label_studio
    • Published: Feb. 22, 2024
    • Modified: May. 16, 2025

  • 7.5

    HIGH
    CVE-2023-3966

    A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled... Read more

    Affected Products : fedora openvswitch
    • Published: Feb. 22, 2024
    • Modified: May. 16, 2025

  • 7.8

    HIGH
    CVE-2025-4500

    A vulnerability, which was classified as critical, has been found in code-projects Hotel Management System 1.0. Affected by this issue is the function Edit of the component Edit Room. The manipulation of the argument roomnumber leads to stack-based buffer... Read more

    Affected Products : hotel_management_system
    • Published: May. 10, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-4469

    A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassw... Read more

    Affected Products : online_student_clearance_system
    • Published: May. 09, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2022-42160

    D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings.... Read more

    • EPSS Score: %1.92
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 4.3

    MEDIUM
    CVE-2022-42159

    D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.... Read more

    • EPSS Score: %0.26
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 5.4

    MEDIUM
    CVE-2022-34021

    Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.... Read more

    • EPSS Score: %0.11
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2022-34020

    Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts.... Read more

    • EPSS Score: %0.11
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-33106

    WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over.... Read more

    Affected Products : u250_firmware u250
    • EPSS Score: %0.11
    • Published: Oct. 12, 2022
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-24697

    Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject a... Read more

    Affected Products : kylin
    • EPSS Score: %55.95
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 7.5

    HIGH
    CVE-2021-20030

    SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.... Read more

    Affected Products : global_management_system
    • EPSS Score: %0.69
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2018-18447

    dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).... Read more

    Affected Products : paint.net
    • EPSS Score: %0.66
    • Published: Oct. 12, 2022
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2018-18446

    dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).... Read more

    Affected Products : paint.net
    • EPSS Score: %0.66
    • Published: Oct. 12, 2022
    • Modified: May. 16, 2025
Showing 20 of 291779 Results