Latest CVE Feed
-
7.5
HIGH CVE-2024-42446
APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution....
Affected Products : aptio_v
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Race Condition
-
7.5
HIGH CVE-2025-47276
Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password h...
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Cryptography
-
7.5
HIGH CVE-2025-4396
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.4 (Premium) due to insufficient escaping on the user sup...
Affected Products : relevanssi
- Published: May. 13, 2025
- Modified: May. 13, 2025
-
6.5
MEDIUM CVE-2025-3107
The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ...
Affected Products : newsletters
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Injection
-
8.7
HIGH CVE-2024-23815
A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server ...
Affected Products : desigo_cc
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Injection
-
7.1
HIGH CVE-2024-51445
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains an XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authentica...
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: XML External Entity
-
8.2
HIGH CVE-2025-24009
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not require authentication to access critical resources. An attacker with network access could...
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Authentication
-
9.9
CRITICAL CVE-2025-33024
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All ...
Affected Products : ruggedcom_rox_mx5000_firmware ruggedcom_rox_rx1400_firmware ruggedcom_rox_rx1500_firmware ruggedcom_rox_rx1501_firmware ruggedcom_rox_rx1510_firmware ruggedcom_rox_rx1511_firmware ruggedcom_rox_rx1512_firmware ruggedcom_rox_rx1524_firmware ruggedcom_rox_rx1536_firmware ruggedcom_rox_rx5000_firmware +1 more products
- Published: May. 13, 2025
- Modified: May. 13, 2025
-
6.6
MEDIUM CVE-2024-36340
A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure....
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Path Traversal
-
9.3
CRITICAL CVE-2025-40628
SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint....
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Injection
-
7.2
HIGH CVE-2025-4646
Improper Privilege Management vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation. This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4....
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Authorization
-
4.2
MEDIUM CVE-2025-31929
A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions), IEC 1Ph 7.4k...
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Authentication
-
8.6
HIGH CVE-2025-41645
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake....
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Authentication
-
8.8
HIGH CVE-2025-4474
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscr...
Affected Products : frontend_dashboard
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2024-51446
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct...
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICAL CVE-2025-26390
A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to...
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Injection
-
5.3
MEDIUM CVE-2025-40555
A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing ...
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Denial of Service
-
8.8
HIGH CVE-2025-4473
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access a...
Affected Products : frontend_dashboard
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Authorization
-
7.3
HIGH CVE-2025-0035
Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution....
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUM CVE-2025-43006
SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availa...
Affected Products :
- Published: May. 13, 2025
- Modified: May. 13, 2025
- Vuln Type: Cross-Site Scripting