Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is known to be actively exploited (listed in the CISA Known Exploited Vulnerabilities, or KEV, catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.3 MEDIUM
    CVE-2025-5136

    A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. I...

    Affected Products: tmall_demo
    • Published: May. 25, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Cryptography
  • 6.3 MEDIUM
    CVE-2025-32790

    Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrat...

    Affected Products: dify
    • Published: Apr. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization
  • 6.5 MEDIUM
    CVE-2025-32795

    Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-a...

    Affected Products: dify
    • Published: Apr. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization
  • 9.8 CRITICAL
    CVE-2025-29058

    An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component....

    Affected Products: qimou_cms
    • Published: Apr. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authentication
  • 7.5 HIGH
    CVE-2025-29339

    An issue in UPF in Open5GS UPF versions up to v2.7.2 results in an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagate...

    Affected Products: open5gs
    • Published: Apr. 22, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Denial of Service
  • 9.8 CRITICAL
    CVE-2023-44755

    Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php....

    Affected Products: sacco_management_system
    • Published: Apr. 22, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection
  • 6.1 MEDIUM
    CVE-2025-25580

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml....

    Affected Products: yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection
  • 6.1 MEDIUM
    CVE-2025-25590

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml....

    Affected Products: yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection
  • 7.3 HIGH
    CVE-2025-25585

    Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords....

    Affected Products: yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization
  • 7.5 HIGH
    CVE-2025-27913

    Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header....

    Affected Products: passbolt_api
    • Published: Mar. 10, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Misconfiguration
  • 5.3 MEDIUM
    CVE-2023-43052

    IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS l...

    Affected Products: control_center
    • Published: Mar. 07, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Server-Side Request Forgery
  • 5.3 MEDIUM
    CVE-2025-47748

    Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password....

    Affected Products: directory_manager
    • Published: May. 28, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Cryptography
  • 5.0 MEDIUM
    CVE-2025-48747

    Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource....

    Affected Products: directory_manager
    • Published: May. 28, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization
  • 9.1 CRITICAL
    CVE-2025-48749

    Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data....

    Affected Products: directory_manager
    • Published: May. 28, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure
  • 4.8 MEDIUM
    CVE-2024-22653

    yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c....

    Affected Products: yasm
    • Published: May. 29, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption
  • 6.5 MEDIUM
    CVE-2024-54961

    Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users....

    Affected Products: nagios_xi
    • Published: Feb. 20, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure
  • 7.5 HIGH
    CVE-2025-22973

    An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common.php' file that directly retrieves the URL request response content....

    Affected Products: qibocms_x1
    • Published: Feb. 20, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure
  • 9.4 CRITICAL
    CVE-2024-1874

    In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply ...

    Affected Products: fedora php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025
  • 7.5 HIGH
    CVE-2024-2757

    In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that ...

    Affected Products: php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025
  • 6.5 MEDIUM
    CVE-2024-3096

    In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true....

    Affected Products: debian_linux php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025
Showing 20 of 293609 Results
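The filtering and sorting described at the top of this page can be reproduced offline on a text export of the listing, which is how a triage script would consume it. The following Python is an added example and not code from the feed operator: it parses entries in the layout used above (a score line with or without the severity word, the CVE id, the description, "Affected Products", the two dates and the optional "Vuln Type"), strips the page's "Read more" truncation marker, and then filters by severity, minimum score or vulnerability type and sorts by CVSS score or by a date field. The sample input is a constructed excerpt of three entries copied from this listing; the CISA KEV and remote-exploitability flags are not present in the text, so they are not modelled.

```python
import re
from dataclasses import dataclass, field
from datetime import date, datetime
from typing import Optional

# Constructed sample: three entries copied from the listing above in its own layout
# (blank lines omitted; the parser skips them). "Read more" is the page's truncation marker.
SAMPLE_FEED = """\
  • 6.3
    MEDIUM
    CVE-2025-5136
    A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. The manipulation leads to insufficiently random values. I... Read more
    Affected Products : tmall_demo
    • Published: May. 25, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Cryptography
  • 7.5 HIGH
    CVE-2025-29339
    An issue in UPF in Open5GS UPF versions up to v2.7.2 results in an assertion failure vulnerability in PFCP session parameter validation.... Read more
    Affected Products : open5gs
    • Published: Apr. 22, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Denial of Service
  • 9.4 CRITICAL
    CVE-2024-1874
    In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, ... Read more
    Affected Products : fedora php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025
"""

SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW")
_START = re.compile(r"•\s*(\d+(?:\.\d+)?)(?:\s+(CRITICAL|HIGH|MEDIUM|LOW))?$")  # "• 6.3" or "• 7.5 HIGH"
_CVE = re.compile(r"CVE-\d{4}-\d{4,}$")
_FIELD = re.compile(r"•\s*(Published|Modified|Vuln Type):\s*(.+)$")

@dataclass
class CveRecord:
    score: float
    severity: Optional[str] = None
    cve_id: str = ""
    description: str = ""
    products: list = field(default_factory=list)
    published: Optional[date] = None
    modified: Optional[date] = None
    vuln_type: Optional[str] = None  # absent for some entries, e.g. the PHP ones

def parse_date(text: str) -> date:
    # Listing dates look like "May. 25, 2025" or "Mar. 07, 2025"
    return datetime.strptime(text.strip(), "%b. %d, %Y").date()

def parse_feed(text: str) -> list[CveRecord]:
    """Turn the listing text into records; a "• <score>" line starts a new entry."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _START.match(line):
            cur = CveRecord(score=float(m.group(1)), severity=m.group(2))
            records.append(cur)
        elif cur is None:
            continue  # preamble text before the first entry
        elif line in SEVERITIES:
            cur.severity = line
        elif _CVE.match(line):
            cur.cve_id = line
        elif line.startswith("Affected Products"):
            cur.products = line.partition(":")[2].split()
        elif f := _FIELD.match(line):
            key, value = f.group(1), f.group(2).strip()
            if key == "Published":
                cur.published = parse_date(value)
            elif key == "Modified":
                cur.modified = parse_date(value)
            else:
                cur.vuln_type = value
        elif cur.cve_id and not cur.description:
            cur.description = re.sub(r"\s*Read more$", "", line)
    return records

def filter_records(records, *, severities=None, min_score=0.0, vuln_type=None):
    """Keep records matching every given criterion (None means "any")."""
    return [r for r in records
            if (not severities or r.severity in severities)
            and r.score >= min_score
            and (vuln_type is None or r.vuln_type == vuln_type)]

def sort_records(records, key="score", descending=True):
    """Sort by CVSS score (ties broken by published date) or by a date field;
    entries with no date are treated as the oldest."""
    if key == "score":
        keyfn = lambda r: (r.score, r.published or date.min)
    elif key in ("published", "modified"):
        keyfn = lambda r: getattr(r, key) or date.min
    else:
        raise ValueError(f"unsupported sort key {key!r}")
    return sorted(records, key=keyfn, reverse=descending)

if __name__ == "__main__":
    for r in sort_records(filter_records(parse_feed(SAMPLE_FEED), severities={"CRITICAL", "HIGH"})):
        print(f"{r.score:>4} {r.severity:<8} {r.cve_id:<15} {r.published} {r.vuln_type or '-'}")
```

The parser is deliberately tolerant of the two score-line forms and of a missing "Vuln Type" field, both of which occur in this listing; a triage script that assumed every entry carried a type would silently drop the PHP advisories.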