Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2025-45250

    MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file....

    Affected Products : mrdoc
    • Published: May. 06, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Server-Side Request Forgery
  • 4.3

    MEDIUM
    CVE-2024-1564

    The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access, allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode...

    Affected Products : schema schema_pro
    • Published: Mar. 25, 2024
    • Modified: Jun. 27, 2025
  • 7.5

    HIGH
    CVE-2024-34050

    Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go....

    Affected Products : onos traffic_steering_xapplication
    • Published: Apr. 30, 2024
    • Modified: Jun. 27, 2025
  • 7.5

    HIGH
    CVE-2024-10718

    In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fi...

    Affected Products : phpipam
    • Published: Mar. 20, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration
  • 6.6

    MEDIUM
    CVE-2024-22724

    An issue in osCommerce v4 allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrator profile photo upload feature....

    Affected Products : oscommerce
    • Published: Mar. 21, 2024
    • Modified: Jun. 27, 2025
  • 6.5

    MEDIUM
    CVE-2025-48175

    In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes....

    Affected Products : libavif
    • Published: May. 16, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-54000

    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow...

    Affected Products : mobile_security_framework
    • Published: Dec. 03, 2024
    • Modified: Jun. 27, 2025
  • 8.1

    HIGH
    CVE-2024-53999

    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a m...

    Affected Products : mobile_security_framework
    • Published: Dec. 03, 2024
    • Modified: Jun. 27, 2025
  • 7.8

    HIGH
    CVE-2025-43550

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-43573

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-43574

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-43575

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-43576

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-43577

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-43578

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-43579

    Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to...

    • Published: Jun. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure
  • 9.3

    CRITICAL
    CVE-2024-28752

    An SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including ...

    • Published: Mar. 15, 2024
    • Modified: Jun. 27, 2025
  • 9.8

    CRITICAL
    CVE-2024-4825

    A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists of an arbitrary file upload in the ‘/media/api’ parameter via a POST request. An attacker could upload files to the server, compromising the entire infrastructure....

    Affected Products : cockpit
    • Published: May. 14, 2024
    • Modified: Jun. 27, 2025
  • 5.5

    MEDIUM
    CVE-2024-36307

    A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the abi...

    Affected Products : apex_one
    • Published: Jun. 10, 2024
    • Modified: Jun. 27, 2025
  • 9.0

    HIGH
    CVE-2025-6128

    A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url lead...

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 16, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293947 Results