Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-40907

    FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via craft... Read more

    Affected Products : fcgi
    • Published: May. 16, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-40906

    BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Per... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Supply Chain

  • 4.0

    MEDIUM
    CVE-2025-2814

    Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 4.0

    MEDIUM
    CVE-2025-27552

    DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.000... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 4.0

    MEDIUM
    CVE-2025-27551

    DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn ... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Sep. 05, 2025

  • 7.7

    HIGH
    CVE-2025-1860

    Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-1828

    Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Cryp... Read more

    Affected Products : crypt\
    • Published: Mar. 11, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 5.5

    MEDIUM
    CVE-2024-58036

    Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically stat... Read more

    Affected Products : net\
    • Published: Apr. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 5.5

    MEDIUM
    CVE-2024-57868

    Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Use... Read more

    Affected Products : web\
    • Published: Apr. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2024-56370

    Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is ... Read more

    Affected Products :
    • Published: Apr. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 5.5

    MEDIUM
    CVE-2024-52322

    WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically state... Read more

    Affected Products : webservice\
    • Published: Apr. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 7.3

    HIGH
    CVE-2025-48372

    Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–999... Read more

    Affected Products : schule_school_management_system
    • Published: May. 22, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-48373

    Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk becau... Read more

    Affected Products : schule_school_management_system
    • Published: May. 22, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2021-27285

    An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.... Read more

    Affected Products : clusterengine
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025

  • 6.6

    MEDIUM
    CVE-2025-48375

    Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP requ... Read more

    Affected Products : schule_school_management_system
    • Published: May. 23, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2024-55076

    Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password.... Read more

    Affected Products : grocy
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2024-52532

    GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.... Read more

    Affected Products : libsoup
    • Published: Nov. 11, 2024
    • Modified: Sep. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-47535

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded ... Read more

    Affected Products : netty windows
    • Published: Nov. 12, 2024
    • Modified: Sep. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-36620

    moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.... Read more

    Affected Products : moby
    • Published: Nov. 29, 2024
    • Modified: Sep. 05, 2025

  • 7.5

    HIGH
    CVE-2024-53980

    RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed F... Read more

    Affected Products : riot
    • Published: Nov. 29, 2024
    • Modified: Sep. 05, 2025
Showing 20 of 293306 Results