Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-47790

    Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bu... Read more

    Affected Products : notes
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-4769

    A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The co... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Path Traversal

  • 2.0

    LOW
    CVE-2025-40631

    HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirec... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-4768

    A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. It... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-1531

    Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-47275

    Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can... Read more

    Affected Products : auth0
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-47928

    Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by the checking out the head.sha of a forked PR can be exploited ... Read more

    Affected Products : spotipy
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-47789

    Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external doma... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-4211

    Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulner... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2024-8201

    Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.... Read more

    Affected Products : ops_center_analyzer
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-2306

    An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the docume... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32962

    Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 ... Read more

    Affected Products : flask-appbuilder flask-appbuilder
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 2.0

    LOW
    CVE-2025-40632

    Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-26152

    ### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) tag, ... Read more

    Affected Products : label_studio
    • Published: Feb. 22, 2024
    • Modified: May. 16, 2025

  • 7.5

    HIGH
    CVE-2023-3966

    A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled... Read more

    Affected Products : fedora openvswitch
    • Published: Feb. 22, 2024
    • Modified: May. 16, 2025

  • 7.8

    HIGH
    CVE-2025-4500

    A vulnerability, which was classified as critical, has been found in code-projects Hotel Management System 1.0. Affected by this issue is the function Edit of the component Edit Room. The manipulation of the argument roomnumber leads to stack-based buffer... Read more

    Affected Products : hotel_management_system
    • Published: May. 10, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-4469

    A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassw... Read more

    Affected Products : online_student_clearance_system
    • Published: May. 09, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2022-42160

    D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings.... Read more

    • EPSS Score: %1.92
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 4.3

    MEDIUM
    CVE-2022-42159

    D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.... Read more

    • EPSS Score: %0.26
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 5.4

    MEDIUM
    CVE-2022-34021

    Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.... Read more

    • EPSS Score: %0.11
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025
Showing 20 of 292508 Results