Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-4473

    The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access a... Read more

    Affected Products : frontend_dashboard
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-0035

    Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-47276

    Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password h... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cryptography

  • 1.8

    LOW
    CVE-2025-47278

    Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by ... Read more

    Affected Products : flask
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2025-43006

    SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availa... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-43010

    SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard progra... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-43002

    SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. This could cause a low impact on confidentiality but integrity and availability of the application are not impacted.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-43008

    Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-43004

    Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicio... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-40628

    SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-40556

    A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Affected devices improperly handle specific incoming BACnet MSTP message... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-35471

    conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-pr... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-33024

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All ... Read more

    • Published: May. 13, 2025
    • Modified: May. 13, 2025

  • 9.9

    CRITICAL
    CVE-2025-32469

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All ... Read more

    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-24510

    A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP m... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-43005

    SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low... Read more

    Affected Products : gui_for_windows
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cryptography

  • 6.4

    MEDIUM
    CVE-2025-43003

    SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive informati... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 2.5

    LOW
    CVE-2024-35281

    An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to ... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2024-51445

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authentica... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: XML External Entity

  • 7.1

    HIGH
    CVE-2024-51444

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an S... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection
Showing 20 of 292508 Results