Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-4002

    A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking l... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-4001

    A vulnerability has been found in scipopt scip up to 9.2.1 and classified as problematic. Affected by this vulnerability is the function main of the file examples/LOP/src/genRandomLOPInstance.c of the component File Descriptor Handler. The manipulation of... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-3999

    A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\common\js\addDate\date.jsp ... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3997

    A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is... Read more

    Affected Products : lecms
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-3706

    The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-31144

    Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-3985

    A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredS... Read more

    Affected Products : central_authentication_service
    • Published: Apr. 27, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2024-52888

    For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.... Read more

    Affected Products :
    • Published: Apr. 27, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2024-52887

    Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.... Read more

    Affected Products :
    • Published: Apr. 27, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-46652

    In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files.... Read more

    Affected Products : izarc
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-2851

    A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, ... Read more

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-3491

    The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function. This is due to insufficient sanitization of the 't... Read more

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-22924

    OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php.... Read more

    Affected Products : opensis
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-40114

    In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated by veml6075_read_int_time_index can range from 0 to 7, w... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-22925

    OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. The remote, authenticated attacker requires the admin role to successfully exploit this vulnerability.... Read more

    Affected Products : opensis
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-29062

    An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice.... Read more

    Affected Products : bl-ac2100_firmware bl-ac2100
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-29063

    An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly.... Read more

    Affected Products : bl-ac2100_firmware bl-ac2100
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-31477

    The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the syste... Read more

    Affected Products : plugin-shell
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2020-29385

    GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will as... Read more

    Affected Products : ubuntu_linux fedora gdk-pixbuf
    • EPSS Score: %0.81
    • Published: Dec. 26, 2020
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-30151

    A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter.... Read more

    Affected Products : prestashop envoimoinscher
    • EPSS Score: %0.98
    • Published: Jul. 13, 2023
    • Modified: Apr. 29, 2025
Showing 20 of 291722 Results