Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-29339

    An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagate... Read more

    Affected Products : open5gs
    • Published: Apr. 22, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2023-44755

    Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.... Read more

    Affected Products : sacco_management_system
    • Published: Apr. 22, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-25580

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-25590

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-25585

    Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-27913

    Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.... Read more

    Affected Products : passbolt_api
    • Published: Mar. 10, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2023-43052

    IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS l... Read more

    Affected Products : control_center
    • Published: Mar. 07, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-47748

    Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password.... Read more

    Affected Products : directory_manager
    • Published: May. 28, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Cryptography

  • 5.0

    MEDIUM
    CVE-2025-48747

    Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource.... Read more

    Affected Products : directory_manager
    • Published: May. 28, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-48749

    Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.... Read more

    Affected Products : directory_manager
    • Published: May. 28, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2024-22653

    yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.... Read more

    Affected Products : yasm
    • Published: May. 29, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-54961

    Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users.... Read more

    Affected Products : nagios_xi
    • Published: Feb. 20, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-22973

    An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. php' file that directly retrieves the URL request response content.... Read more

    Affected Products : qibocms_x1
    • Published: Feb. 20, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 9.4

    CRITICAL
    CVE-2024-1874

    In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply ... Read more

    Affected Products : fedora php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2024-2757

    In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that ... Read more

    Affected Products : php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025

  • 6.5

    MEDIUM
    CVE-2024-3096

    In PHP  version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.... Read more

    Affected Products : debian_linux php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025

  • 6.1

    MEDIUM
    CVE-2025-3901

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4.... Read more

    • Published: Apr. 23, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2022-21505

    In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure B... Read more

    Affected Products : linux
    • Published: Dec. 24, 2024
    • Modified: Jun. 18, 2025

  • 3.7

    LOW
    CVE-2024-21210

    Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via... Read more

    Affected Products : jdk jre java_se
    • Published: Oct. 15, 2024
    • Modified: Jun. 18, 2025

  • 3.7

    LOW
    CVE-2024-21208

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Or... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Oct. 15, 2024
    • Modified: Jun. 18, 2025
Showing 20 of 293605 Results