Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    CVSS31
    CVE-2025-3913

    Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify t... Read more

    Affected Products : mattermost_server
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2025-48472

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functi... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2025-48474

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conv... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 2.6

    CVSS31
    CVE-2025-46570

    vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (... Read more

    Affected Products : vllm
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 4.2

    CVSS31
    CVE-2025-46722

    vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing metho... Read more

    Affected Products : vllm
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 9.8

    CVSS31
    CVE-2023-41591

    An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 3.3

    CVSS31
    CVE-2025-5324

    A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. It is possible t... Read more

    Affected Products : gpu-z
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 9.1

    CVSS31
    CVE-2025-4967

    Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.... Read more

    Affected Products : portal_for_arcgis
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 6.3

    CVSS31
    CVE-2025-5325

    A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The mani... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 6.3

    CVSS31
    CVE-2025-5326

    A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adpweb/wechat/verifyToken/. The manipulation leads to deseria... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 6.3

    CVSS31
    CVE-2025-5327

    A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to i... Read more

    Affected Products : mccms
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 7.3

    CVSS31
    CVE-2025-5330

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The ex... Read more

    Affected Products : freefloat_ftp_server
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 7.3

    CVSS31
    CVE-2025-5331

    A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploi... Read more

    Affected Products : ftp_server
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 7.3

    CVSS31
    CVE-2025-5332

    A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated re... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025

  • 9.8

    CVSS31
    CVE-2025-41438

    The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2025-47952

    Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to ... Read more

    Affected Products : traefik
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2025-48491

    Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 0.0

    NONE
    CVE-2025-48483

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitiz... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 8.3

    CVSS31
    CVE-2025-48881

    Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025

  • 6.4

    CVSS31
    CVE-2025-5259

    The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authen... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
Showing 20 of 192 Results
© cvefeed.io
Latest DB Update: May. 31, 2025 3:48