Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-46749

    An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-46746

    An administrator could discover another account's credentials.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-46742

    Users who were required to change their password could still access system information before changing their password... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-47578

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edward Caissie BNS Twitter Follow Button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through 0.3.8.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.4

    LOW
    CVE-2025-47274

    ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the ru... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-40626

    Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data,... Read more

    Affected Products : abantecart
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-47271

    The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor cou... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4561

    The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-4560

    The ISOinsight from Netvision has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access certain system functions. These functions include viewing the administrator list, viewing and editing IP settings, and uploading ... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-4559

    The ISOinsight from Netvision has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-4534

    A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an a... Read more

    Affected Products :
    • Published: May. 11, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-4531

    A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl... Read more

    Affected Products :
    • Published: May. 11, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-4530

    A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manip... Read more

    Affected Products :
    • Published: May. 11, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-4526

    A vulnerability, which was classified as problematic, was found in Dígitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to missing password field masking. It is possible to initiate the att... Read more

    Affected Products :
    • Published: May. 11, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-4350

    A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command injection. The attack can be initiated remotely. This vulnerabil... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: May. 06, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4349

    A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerabil... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: May. 06, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4348

    A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vul... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: May. 06, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4347

    A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remot... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: May. 06, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4346

    A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. Th... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: May. 06, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4345

    A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. This vulnerability onl... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: May. 06, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292318 Results