Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 4.3

    CVSS31
    CVE-2025-48926

    The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers, as exploited in the wild in May 2025....

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 4.3

    CVSS31
    CVE-2025-48925

    The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025....

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 0.0

    NONE
    CVE-2025-48746

    Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function....

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 6.5

    CVSS31
    CVE-2025-36572

    Dell PowerStore, version(s) 4.0.0.0, contain(s) a Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vul...

    Affected Products : powerstoreos
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 6.1

    CVSS31
    CVE-2025-32802

    Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecur...

    Affected Products : kea
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 7.8

    CVSS31
    CVE-2025-32801

    Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea ver...

    Affected Products : kea
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 5.1

    CVSS31
    CVE-2024-47056

    Summary: This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, A...

    Affected Products : mautic
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 9.8

    CVSS31
    CVE-2025-45343

    An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route....

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 4.3

    CVSS31
    CVE-2024-51453

    IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system....

    Affected Products : sterling_secure_proxy
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 5.9

    CVSS31
    CVE-2024-38341

    IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information....

    Affected Products : sterling_secure_proxy
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 5.4

    CVSS31
    CVE-2025-5283

    Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)...

    Affected Products : chrome
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 5.4

    CVSS31
    CVE-2025-5281

    Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)...

    Affected Products : chrome
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 5.4

    CVSS31
    CVE-2025-5067

    Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)...

    Affected Products : chrome
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 6.5

    CVSS31
    CVE-2025-5066

    Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Mediu...

    Affected Products : chrome
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 6.5

    CVSS31
    CVE-2025-5065

    Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)...

    Affected Products : chrome
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 5.4

    CVSS31
    CVE-2025-5064

    Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)...

    Affected Products : chrome
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 8.6

    CVSS31
    CVE-2025-45997

    Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg....

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 9.8

    CVSS31
    CVE-2025-3357

    IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array....

    Affected Products : tivoli_monitoring
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 5.3

    CVSS31
    CVE-2025-47294

    An integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request....

    Affected Products : fortios
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 7.0

    CVSS31
    CVE-2025-5222

    A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution....

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
Showing 20 of 135 Results
© cvefeed.io
Latest DB Update: May. 29, 2025 9:55