Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2024-31367

    Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. ...

    Affected Products : soledad
    • Published: Apr. 09, 2024
    • Modified: Jul. 02, 2025
  • 5.5

    MEDIUM
    CVE-2025-48888

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in allowed, even though 'deny' should be stronger. The result is the...

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2025-48934

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables listed in the `--deny-env` option of the `deno run` command. When looking at the documentation of the `--d...

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure
  • 9.1

    CRITICAL
    CVE-2025-48935

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patc...

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 5.0

    MEDIUM
    CVE-2025-0691

    Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation....

    Affected Products : devolutions_server
    • Published: Jun. 05, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 5.0

    MEDIUM
    CVE-2025-3768

    Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable....

    Affected Products : devolutions_server
    • Published: Jun. 05, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2024-2975

    A race condition was identified through which privilege escalation was possible in certain configurations....

    Affected Products : linux_kernel windows octopus_server
    • Published: Apr. 09, 2024
    • Modified: Jul. 02, 2025
  • 6.5

    MEDIUM
    CVE-2025-4679

    A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors....

    Affected Products : active_backup_for_microsoft_365
    • Published: May. 16, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure
  • 7.3

    HIGH
    CVE-2024-49194

    Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could pote...

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Jul. 02, 2025
  • 4.3

    MEDIUM
    CVE-2025-52711

    Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a thro...

    • Published: Jun. 20, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.4

    HIGH
    CVE-2024-8676

    A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod reques...

    Affected Products : openshift_container_platform
    • Published: Nov. 26, 2024
    • Modified: Jul. 02, 2025
  • 4.6

    MEDIUM
    CVE-2024-41927

    Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, ...

    • Published: Sep. 04, 2024
    • Modified: Jul. 02, 2025
  • 9.8

    CRITICAL
    CVE-2025-37092

    A command injection remote code execution vulnerability exists in HPE StoreOnce Software....

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-37093

    An authentication bypass vulnerability exists in HPE StoreOnce Software....

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication
  • 9.1

    CRITICAL
    CVE-2025-37094

    A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software....

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-5447

    A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ss...

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection
  • 6.1

    MEDIUM
    CVE-2025-46611

    Cross Site Scripting vulnerability in ARTEC EMA Mail v6.92 allows an attacker to execute arbitrary code via a crafted script....

    Affected Products : ema
    • Published: May. 12, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2023-47466

    TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk....

    Affected Products : taglib
    • Published: May. 22, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-5108

    A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unr...

    Affected Products : shopxo
    • Published: May. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration
  • 7.6

    HIGH
    CVE-2025-32794

    OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to injec...

    Affected Products : openemr
    • Published: May. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 294068 Results