Latest CVE Feed
- 8.8 HIGH CVE-2025-29509
  Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell...
  - Affected Products:
  - Published: May. 09, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Misconfiguration
- 8.3 HIGH CVE-2025-47269
  code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a...
  - Affected Products: code-server
  - Published: May. 09, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Authentication
- 5.4 MEDIUM CVE-2025-3794
  The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the start_timestamp parameter in all versions up to, and including, 1.9.5 due to insufficie...
  - Affected Products: wpforms
  - Published: May. 09, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Cross-Site Scripting
- 6.5 MEDIUM CVE-2025-4510
  A vulnerability was found in Changjietong UFIDA CRM 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /optnty/optntyday.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initi...
  - Affected Products:
  - Published: May. 10, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Injection
- 5.3 MEDIUM CVE-2025-4512
  A vulnerability classified as problematic has been found in Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7. Affected is an unknown function of the file /astre/iodasweb/app.jsp. The manipulation of the argument action leads to cross site scripting. It is pos...
  - Affected Products:
  - Published: May. 10, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Cross-Site Scripting
- 5.3 MEDIUM CVE-2025-4513
  A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of...
  - Affected Products:
  - Published: May. 10, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Misconfiguration
- 8.8 HIGH CVE-2025-47817
  In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter....
  - Affected Products:
  - Published: May. 10, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Authorization
- 6.4 MEDIUM CVE-2025-47828
  Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings....
  - Affected Products:
  - Published: May. 11, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Misconfiguration
- 6.3 MEDIUM CVE-2025-4527
  A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security...
  - Affected Products:
  - Published: May. 11, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Authentication
- 9.8 CRITICAL CVE-2025-4555
  The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access system functions. These functions include opening gates, viewing licens...
  - Affected Products:
  - Published: May. 12, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Authentication
- 5.1 MEDIUM CVE-2025-4551
  A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch ...
  - Affected Products:
  - Published: May. 11, 2025
  - Modified: May. 12, 2025
- 2.7 LOW CVE-2025-46748
  An authenticated user attempting to change their password could do so without using the current password....
  - Affected Products:
  - Published: May. 12, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Authentication
- 5.7 MEDIUM CVE-2025-46747
  An authenticated user without user-management permissions could identify other user accounts....
  - Affected Products:
  - Published: May. 12, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Authorization
- 8.8 HIGH CVE-2025-3455
  The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This...
  - Affected Products: 1_click_migration
  - Published: May. 09, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Authorization
- 8.1 HIGH CVE-2025-46739
  An unauthenticated user could discover account credentials via a brute-force attack without rate limiting...
  - Affected Products:
  - Published: May. 12, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Authentication
- 8.8 HIGH CVE-2025-2158
  The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated at...
  - Affected Products:
  - Published: May. 10, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Path Traversal
- 7.3 HIGH CVE-2025-4532
  A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe. The manipulation leads to uncontrolled sea...
  - Affected Products:
  - Published: May. 11, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Path Traversal
- 7.5 HIGH CVE-2025-46740
  An authenticated user without user administrative permissions could change the administrator Account Name....
  - Affected Products:
  - Published: May. 12, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Authorization
- 6.3 MEDIUM CVE-2025-46743
  An authenticated user's token could be used by another source after the user had logged out prior to the token expiring....
  - Affected Products:
  - Published: May. 12, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Authentication
- 7.5 HIGH CVE-2025-3496
  An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface....
  - Affected Products:
  - Published: May. 12, 2025
  - Modified: May. 12, 2025
  - Vuln Type: Memory Corruption