Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    CVSS31
    CVE-2025-4947

    libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks....

    Affected Products : curl
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 2.3

    CVSS31
    CVE-2024-54020

    A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests....

    Affected Products : fortimanager
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 6.5

    CVSS31
    CVE-2025-27522

    Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to upgrade to Apache InLong's 2.2.0 or ch...

    Affected Products : inlong
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 0.0

    NONE
    CVE-2025-2236

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the externa...

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 9.1

    CVSS31
    CVE-2025-27528

    Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Use...

    Affected Products : inlong
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 3.7

    CVSS31
    CVE-2025-47295

    A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare condition...

    Affected Products : fortios
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 6.1

    CVSS31
    CVE-2025-5082

    The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for u...

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 7.5

    CVSS31
    CVE-2025-5287

    The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex...

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 7.8

    CVSS30
    CVE-2025-1753

    LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files` argument, which is directly passed into `os.system`. An attacker who controls the content of this argumen...

    Affected Products : llamaindex
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 6.4

    CVSS31
    CVE-2025-4963

    The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...

    Affected Products : wp_extended
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 0.0

    NONE
    CVE-2025-40673

    A Missing Authorization vulnerability has been found in DinoRANK. This vulnerability allows an attacker to access invoices of any user via accessing endpoint '/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf' because there is no access control. The pdf filename can...

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 7.3

    CVSS31
    CVE-2025-5295

    A vulnerability classified as critical was found in FreeFloat FTP Server 1.0.0. This vulnerability affects unknown code of the component PORT Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has...

    Affected Products : freefloat_ftp_server
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 5.3

    CVSS31
    CVE-2025-5297

    A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer...

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 0.0

    NONE
    CVE-2025-4412

    On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. The acquired resource access ...

    Affected Products : viscosity
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 6.5

    CVSS31
    CVE-2025-5269

    Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 12...

    Affected Products : firefox_esr
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 5.3

    CVSS31
    CVE-2025-5244

    A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approa...

    Affected Products : binutils
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 7.3

    CVSS31
    CVE-2025-48796

    A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens .ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrar...

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 6.5

    CVSS31
    CVE-2025-27526

    Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability which can lead to JDBC Vulnerability URLEncode and backspace bypass. Users are advised to upgrade to Apache ...

    Affected Products : inlong
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
  • 5.9

    CVSS31
    CVE-2025-3704

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets allows Stored XSS. This issue affects Volunteer Sign Up Sheets: from n/a before 5.5.5. The patch is available e...

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
  • 8.2

    CVSS31
    CVE-2025-48383

    Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access ...

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
Showing 20 of 135 Results
Latest DB Update: May. 29, 2025 9:56