Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-22890

    curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the... Read more

    • Published: Apr. 01, 2021
    • Modified: Jun. 09, 2025

  • 5.3

    MEDIUM
    CVE-2021-22876

    curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically popu... Read more

    • Published: Apr. 01, 2021
    • Modified: Jun. 09, 2025

  • 7.2

    HIGH
    CVE-2010-4226

    cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.... Read more

    Affected Products : opensuse cpio
    • Published: Feb. 06, 2014
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2025-5509

    A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the att... Read more

    Affected Products : shiyi-blog
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-5510

    A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can... Read more

    Affected Products : shiyi-blog
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-5520

    A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to ... Read more

    Affected Products : open5gs
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025

  • 8.8

    HIGH
    CVE-2025-48998

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The ... Read more

    Affected Products : dataease
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-5521

    A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The... Read more

    Affected Products : wukongcrm
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-5523

    A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of t... Read more

    Affected Products : web-flash
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-5527

    A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer o... Read more

    Affected Products : rx3_firmware rx3
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2025-24015

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect ke... Read more

    Affected Products : deno
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-5545

    A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manip... Read more

    Affected Products : oa_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-27444

    A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This a... Read more

    Affected Products : rsform\!pro
    • Published: Jun. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-27811

    A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the target service.... Read more

    Affected Products : synapse_4
    • Published: Jun. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5592

    A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component PASSIVE Command Handler. The manipulation leads to buffer overflow. The attack may be laun... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: Jun. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5599

    A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. The attack can be ini... Read more

    Affected Products : student_result_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2025-5715

    A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. I... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-5714

    A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArq... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-5713

    A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descriç... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2020-21514

    An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password.... Read more

    Affected Products : fluentd fluentd-ui
    • Published: Apr. 04, 2023
    • Modified: Jun. 09, 2025
Showing 20 of 292845 Results