Latest CVE Feed

Following is the list of latest published vulnerabilities.
  • 6.5

    MEDIUM
    CVE-2025-28101

    An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users by supplying a crafted POST request.

    Affected Products : flaskblog
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization
  • 10.0

    CRITICAL
    CVE-2025-26852

    DESCOR INFOCAD 3.5.1 and earlier allows SQL Injection. Fixed in v.3.5.2.0.

    Affected Products : infocad_fm infocad
    • Published: Mar. 20, 2025
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2025-28009

    A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20.

    Affected Products : dietiqa
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2025-29722

    A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints.

    Affected Products : commercify
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.5

    MEDIUM
    CVE-2025-25192

    GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` fil...

    Affected Products : glpi
    • Published: Feb. 25, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure
  • 8.6

    HIGH
    CVE-2025-27501

    OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti ...

    Affected Products : openziti
    • Published: Mar. 03, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Server-Side Request Forgery
  • 9.8

    CRITICAL
    CVE-2025-25067

    mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.

    Affected Products : mypro
    • Published: Feb. 13, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-29180

    In FOXCMS <=1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.

    Affected Products : foxcms
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2024-33606

    An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability.

    Affected Products : dicom_viewer
    • Published: Jun. 11, 2024
    • Modified: Apr. 23, 2025
  • 6.5

    MEDIUM
    CVE-2024-41355

    phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.

    Affected Products : phpipam
    • Published: Jul. 26, 2024
    • Modified: Apr. 23, 2025
  • 4.7

    MEDIUM
    CVE-2024-41356

    phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php.

    Affected Products : phpipam
    • Published: Jul. 26, 2024
    • Modified: Apr. 23, 2025
  • 7.1

    HIGH
    CVE-2024-41357

    phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.

    Affected Products : phpipam
    • Published: Jul. 26, 2024
    • Modified: Apr. 23, 2025
  • 7.1

    HIGH
    CVE-2024-41353

    phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php.

    Affected Products : phpipam
    • Published: Jul. 26, 2024
    • Modified: Apr. 23, 2025
  • 7.1

    HIGH
    CVE-2024-41354

    phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php.

    Affected Products : phpipam
    • Published: Jul. 26, 2024
    • Modified: Apr. 23, 2025
  • 5.4

    MEDIUM
    CVE-2024-55093

    phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts.

    Affected Products : phpipam
    • Published: Mar. 31, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2025-29181

    FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.

    Affected Products : foxcms
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-29661

    Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run.

    Affected Products : litepubl_cms
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-32415

    In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a craft...

    Affected Products : libxml2
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2022-45917

    ILIAS before 7.16 has an Open Redirect.

    Affected Products : ilias
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 5.4

    MEDIUM
    CVE-2022-45916

    ILIAS before 7.16 allows XSS.

    Affected Products : ilias
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
Showing 20 of 293602 Results