Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-24190

    The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users pict... Read more

    Affected Products : ourphoto
    • EPSS Score: %0.08
    • Published: Nov. 28, 2022
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-24189

    The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allo... Read more

    Affected Products : ourphoto
    • EPSS Score: %0.06
    • Published: Nov. 28, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-24188

    The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions man... Read more

    Affected Products : ourphoto
    • EPSS Score: %0.06
    • Published: Nov. 28, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-24187

    The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. ... Read more

    Affected Products : ourphoto
    • EPSS Score: %0.11
    • Published: Nov. 28, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2025-40014

    In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-31720

    A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.... Read more

    Affected Products : jenkins
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31721

    A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.... Read more

    Affected Products : jenkins
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-31722

    In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.... Read more

    Affected Products : templating_engine
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 2.5

    LOW
    CVE-2024-58251

    In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.... Read more

    Affected Products : busybox
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-27581

    NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-13307

    The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'reales_delete_file', 'reales_delete_file_plans', 'reales_add_to_favourites', and 'reales_... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-3300

    The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read a... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal

  • 2.9

    LOW
    CVE-2025-43965

    In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.... Read more

    Affected Products : imagemagick
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2025-46419

    Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet.... Read more

    Affected Products : weos
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-3607

    The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating a... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-3761

    The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users t... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 3.2

    LOW
    CVE-2025-46394

    In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.... Read more

    Affected Products : busybox
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-29526

    A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload into the SearchTerm parameter.... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-3101

    The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it po... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-30409

    Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.... Read more

    Affected Products : cyber_protect_cloud_agent
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291617 Results