Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-47928

    Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by the checking out the head.sha of a forked PR can be exploited ... Read more

    Affected Products : spotipy
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-47789

    Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external doma... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-4211

    Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulner... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2024-8201

    Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.... Read more

    Affected Products : ops_center_analyzer
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-2306

    An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the docume... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-32962

    Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 ... Read more

    Affected Products : flask-appbuilder flask-appbuilder
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 2.0

    LOW
    CVE-2025-40632

    Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-26152

    ### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) tag, ... Read more

    Affected Products : label_studio
    • Published: Feb. 22, 2024
    • Modified: May. 16, 2025

  • 7.5

    HIGH
    CVE-2023-3966

    A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled... Read more

    Affected Products : fedora openvswitch
    • Published: Feb. 22, 2024
    • Modified: May. 16, 2025

  • 7.8

    HIGH
    CVE-2025-4500

    A vulnerability, which was classified as critical, has been found in code-projects Hotel Management System 1.0. Affected by this issue is the function Edit of the component Edit Room. The manipulation of the argument roomnumber leads to stack-based buffer... Read more

    Affected Products : hotel_management_system
    • Published: May. 10, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-4469

    A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassw... Read more

    Affected Products : online_student_clearance_system
    • Published: May. 09, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2022-42160

    D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings.... Read more

    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 4.3

    MEDIUM
    CVE-2022-42159

    D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.... Read more

    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 5.4

    MEDIUM
    CVE-2022-34021

    Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.... Read more

    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2022-34020

    Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified impacts.... Read more

    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-33106

    WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over.... Read more

    Affected Products : u250_firmware u250
    • Published: Oct. 12, 2022
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-24697

    Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject a... Read more

    Affected Products : kylin
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 7.5

    HIGH
    CVE-2021-20030

    SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.... Read more

    Affected Products : global_management_system
    • Published: Oct. 13, 2022
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2018-18447

    dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).... Read more

    Affected Products : paint.net
    • Published: Oct. 12, 2022
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2018-18446

    dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).... Read more

    Affected Products : paint.net
    • Published: Oct. 12, 2022
    • Modified: May. 16, 2025
Showing 20 of 292803 Results