Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-4000

    A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\ssoproxy\jsp\ssoproxy.jsp. The manipulation... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-4018

    A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/Craw... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-4011

    A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-4019

    A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.ja... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-3985

    A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredS... Read more

    Affected Products : central_authentication_service
    • Published: Apr. 27, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-3906

    The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authent... Read more

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2025-3706

    The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2025-32471

    The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2025-32472

    The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-32470

    A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device.... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-31144

    Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-2801

    The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute ... Read more

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-2811

    A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-... Read more

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025

  • 8.6

    HIGH
    CVE-2025-2851

    A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, ... Read more

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-2101

    The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This makes it possible for unauthenticated attackers to include... Read more

    Affected Products :
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal

  • 2.1

    LOW
    CVE-2024-12706

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. Thi... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-4017

    A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 3.3

    LOW
    CVE-2025-46614

    In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File.... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-4016

    A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The ... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-4015

    A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionControl... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication
Showing 20 of 292870 Results