Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-13759

    Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64  allows local attackers to gain system-level privileges via arbitrary file deletion... Read more

    Affected Products : avira_prime
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-13959

    Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-13961

    Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a s... Read more

    Affected Products : cleanup_premium
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Race Condition

  • 8.8

    HIGH
    CVE-2025-29509

    Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.3

    HIGH
    CVE-2025-47269

    code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a... Read more

    Affected Products : code-server
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-4510

    A vulnerability was found in Changjietong UFIDA CRM 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /optnty/optntyday.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initi... Read more

    Affected Products :
    • Published: May. 10, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-4512

    A vulnerability classified as problematic has been found in Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7. Affected is an unknown function of the file /astre/iodasweb/app.jsp. The manipulation of the argument action leads to cross site scripting. It is pos... Read more

    Affected Products :
    • Published: May. 10, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-4513

    A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of... Read more

    Affected Products :
    • Published: May. 10, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-47817

    In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter.... Read more

    Affected Products :
    • Published: May. 10, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-47828

    Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.... Read more

    Affected Products :
    • Published: May. 11, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-4555

    The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access system functions. These functions include opening gates, viewing licens... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-4551

    A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch ... Read more

    Affected Products :
    • Published: May. 11, 2025
    • Modified: May. 12, 2025

  • 2.7

    LOW
    CVE-2025-46748

    An authenticated user attempting to change their password could do so without using the current password.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2025-46747

    An authenticated user without user-management permissions could identify other user accounts.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-3455

    The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This... Read more

    Affected Products : 1_click_migration
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-46739

    An unauthenticated user could discover account credentials via a brute-force attack without rate limiting... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-2158

    The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated at... Read more

    Affected Products :
    • Published: May. 10, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2025-46743

    An authenticated user's token could be used by another source after the user had logged out prior to the token expiring.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-3496

    An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4556

    The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on th... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication
Showing 20 of 292750 Results