Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2023-4818

    PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.  The attacker must have physical USB access to the device in order to exploit this vuln... Read more

    Affected Products : paydroid a920
    • Published: Jan. 15, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-46343

    In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.... Read more

    Affected Products : linux_kernel
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-27001

    An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation.... Read more

    Affected Products : egerie
    • Published: Feb. 08, 2024
    • Modified: Jun. 17, 2025

  • 4.8

    MEDIUM
    CVE-2021-25117

    The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and prot... Read more

    Affected Products : wp-postratings
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025

  • 4.3

    MEDIUM
    CVE-2025-4316

    Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 202... Read more

    Affected Products : devolutions_server
    • Published: May. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-25504

    An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with ro... Read more

    • Published: May. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-28062

    A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF prot... Read more

    Affected Products : erpnext
    • Published: May. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-43915

    In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13.7, 2.14.0–2.14.10, 2.15.0–2.15.7, 2.16.0–2.16.4, and 2.17.0–2.17.1, resource exhaustion can occur for Linkerd proxy metrics.... Read more

    Affected Products : linkerd buoyant
    • Published: May. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-45242

    Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.... Read more

    Affected Products : rhymix
    • Published: May. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-46724

    Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerabl... Read more

    Affected Products : langroid
    • Published: May. 20, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-5001

    A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. ... Read more

    Affected Products : pspp
    • Published: May. 20, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-5010

    A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripti... Read more

    Affected Products : hexo-boot
    • Published: May. 21, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-5011

    A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack ca... Read more

    Affected Products : hexo-boot
    • Published: May. 21, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-5013

    A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site script... Read more

    Affected Products : hkcms hkcms
    • Published: May. 21, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-48272

    Missing Authorization vulnerability in wpjobportal WP Job Portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through 2.3.2.... Read more

    Affected Products : wp_job_portal
    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Authorization

  • 9.0

    CRITICAL
    CVE-2024-29385

    DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.... Read more

    Affected Products : dir-845l_firmware dir-845l
    • Published: Mar. 22, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2025-4932

    A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file /lawyer_registation.php. The manipulation of the argument email leads ... Read more

    • Published: May. 19, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-4802

    Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen call... Read more

    Affected Products : glibc
    • Published: May. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-40120

    seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.... Read more

    Affected Products : seaweedfs
    • Published: May. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2023-40284

    An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.... Read more

    • Published: Mar. 27, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293508 Results