Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-45001

    react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.

    Affected Products : react-native-keys
    • Published: Jun. 09, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Information Disclosure
  • 5.4

    MEDIUM
    CVE-2025-45002

    Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile.

    Affected Products : vigybag
    • Published: Jun. 09, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.1

    HIGH
    CVE-2024-5154

    A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrary files on the host system.

    • Published: Jun. 12, 2024
    • Modified: Jun. 23, 2025
  • 8.7

    HIGH
    CVE-2025-49080

    There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack compl...

    Affected Products : secure_access
    • Published: Jun. 12, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service
  • 6.1

    MEDIUM
    CVE-2025-46096

    Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component...

    Affected Products : solon
    • Published: Jun. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-28386

    A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.

    Affected Products : cosmos
    • Published: Jun. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2024-40570

    SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component.

    Affected Products : seacms
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-29976

    Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

    • Published: May. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-29840

    Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

    • Published: May. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-29659

    Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary.

    Affected Products : xy-3820_firmware xy-3820
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-29660

    A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially...

    Affected Products : xy-3820_firmware xy-3820
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal
  • 6.1

    MEDIUM
    CVE-2025-28102

    A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.

    Affected Products : flaskblog
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-57394

    The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Attackers can write malicious DLL to system path and perform privilege escalation by levera...

    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal
  • 8.1

    HIGH
    CVE-2025-27086

    A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication.

    Affected Products : performance_cluster_manager
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-3841

    A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument...

    Affected Products : jam
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection
  • 9.1

    CRITICAL
    CVE-2021-38487

    RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and i...

    • Published: May. 05, 2022
    • Modified: Jun. 23, 2025
  • 9.8

    CRITICAL
    CVE-2025-4734

    A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ci_update.php. The manipulation of the argument id/name leads to sql injection. It is possible to ...

    Affected Products : sales_and_inventory_system
    • Published: May. 16, 2025
    • Modified: Jun. 21, 2025
  • 8.8

    HIGH
    CVE-2025-33053

    External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

    • Actively Exploited
    • Published: Jun. 10, 2025
    • Modified: Jun. 21, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2024-25678

    In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.

    Affected Products : lsquic
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025
  • 7.8

    HIGH
    CVE-2024-25445

    Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure.

    Affected Products : hugin
    • Published: Feb. 09, 2024
    • Modified: Jun. 20, 2025