Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2025-48958

    Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, cre...

    Affected Products : froxlor
    • Published: Jun. 02, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-5446

    A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_c...

    • Published: Jun. 02, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection
  • 10.0

    HIGH
    CVE-2009-2466

    The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_...

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2009
    • Modified: Jun. 25, 2025
  • 10.0

    HIGH
    CVE-2010-1233

    Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.

    Affected Products : chrome
    • Published: Apr. 01, 2010
    • Modified: Jun. 25, 2025
  • 9.8

    CRITICAL
    CVE-2021-32292

    An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.

    • Published: Aug. 22, 2023
    • Modified: Jun. 25, 2025
  • 7.8

    HIGH
    CVE-2025-0289

    Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allow an attacker the ability to compromise...

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2025-0288

    Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary ker...

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 5.1

    MEDIUM
    CVE-2025-0287

    Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating ...

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 8.4

    HIGH
    CVE-2025-0286

    Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the vi...

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-0285

    Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation e...

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 10.0

    CRITICAL
    CVE-2025-48827

    vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in M...

    Affected Products : vbulletin
    • Published: May. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authorization
  • 5.5

    MEDIUM
    CVE-2025-24814

    Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authenti...

    Affected Products : solr
    • Published: Jan. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Misconfiguration
  • 9.0

    CRITICAL
    CVE-2025-48828

    Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, atta...

    Affected Products : vbulletin
    • Published: May. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-22377

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. A Heap-based Out-of-Bounds Write exists i...

    • Published: May. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2024-49197

    An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access.

    • Published: May. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-4493

    Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions :  * Devolutions Ser...

    Affected Products : devolutions_server
    • Published: May. 28, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-29632

    Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components...

    Affected Products : free5gc
    • Published: May. 29, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2024-12224

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to a...

    Affected Products : idna
    • Published: May. 30, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure
  • 4.8

    MEDIUM
    CVE-2025-4415

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS). This issue affects Piwik PRO: from 0.0.0 before 1.3.2.

    Affected Products : piwik_pro
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.3

    MEDIUM
    CVE-2024-54252

    Missing Authorization vulnerability in Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.6.

    Affected Products : pinpoint_booking_system
    • Published: Dec. 13, 2024
    • Modified: Jun. 25, 2025