Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-4871

    A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component REST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely....

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 18, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-4872

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component CCC Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The ex...

    • Published: May. 18, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-4905

    A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has ...

    Affected Products : basestation
    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-28371

    EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password ...

    Affected Products : enh500_firmware enh500
    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
  • 4.8

    MEDIUM
    CVE-2025-44108

    A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then...

    Affected Products : flatpress
    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-55063

    Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options; the (2) keyboard_layout or (3) keyboard_variant paramet...

    Affected Products : dc_netscope
    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection
  • 7.6

    HIGH
    CVE-2025-30072

    Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical Access to the protected facilities without triggering an alarm....

    Affected Products : twx1hakv2_firmware twx1hakv2
    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication
  • 6.2

    MEDIUM
    CVE-2025-3908

    The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory....

    Affected Products : linux_kernel openvpn3linux
    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-28203

    Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability....

    Affected Products : rx1800_firmware rx1800
    • Published: May. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-43714

    The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers....

    Affected Products : chatgpt
    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-4940

    A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to sql inject...

    • Published: May. 19, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2025-2929

    The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.3

    HIGH
    CVE-2025-41231

    VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information....

    Affected Products : cloud_foundation
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization
  • 4.8

    MEDIUM
    CVE-2025-3582

    The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : newsletter
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.9

    MEDIUM
    CVE-2025-4977

    A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may ...

    Affected Products : dgnd3700_firmware dgnd3700
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure
  • 10.0

    HIGH
    CVE-2025-4978

    A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It ...

    Affected Products : dgnd3700_firmware dgnd3700
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2024-53359

    An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request....

    Affected Products : zalo
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure
  • 6.9

    MEDIUM
    CVE-2025-4980

    A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The...

    Affected Products : dgnd3700_firmware dgnd3700
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2025-26086

    An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time...

    Affected Products : management_system
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-22157

    This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This...

    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 293350 Results