Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-27532

    A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 8.5

    HIGH
    CVE-2024-9876

    : Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 5.8

    MEDIUM
    CVE-2025-46331

    OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart <= openfga-0.2.28, docker <= v.1.8.10) are vulnerable to authorization bypass when certa... Read more

    Affected Products : openfga
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 4.6

    MEDIUM
    CVE-2022-42449

    Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 5.3

    MEDIUM
    CVE-2023-45721

    Insufficient default configuration in HCL Leap allows anonymous access to directory information.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2025-2890

    The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient ... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 5.3

    MEDIUM
    CVE-2025-24342

    A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 2.6

    LOW
    CVE-2024-47784

    Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 8.2

    HIGH
    CVE-2025-32777

    Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 5.3

    MEDIUM
    CVE-2025-46554

    XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attachment in the wiki... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 8.4

    HIGH
    CVE-2025-46557

    XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space (by default, anyone) can acces... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 5.5

    MEDIUM
    CVE-2025-4136

    A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack re... Read more

    Affected Products : wetong_mall
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 4.6

    MEDIUM
    CVE-2022-42450

    Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 6.3

    MEDIUM
    CVE-2024-30115

    Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-30145

    Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 4.1

    MEDIUM
    CVE-2024-30146

    Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 9.0

    CRITICAL
    CVE-2025-47154

    LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in... Read more

    Affected Products :
    • Published: May. 01, 2025
    • Modified: May. 02, 2025

  • 7.1

    HIGH
    CVE-2025-24338

    A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requ... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 6.3

    MEDIUM
    CVE-2025-24344

    A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a c... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2025-24346

    A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
Showing 20 of 291141 Results