Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.7

    CVSS31
    CVE-2025-28355

    Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute default value set to none...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 7.8

    CVSS31
    CVE-2025-24914

    When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 6.1

    CVSS31
    CVE-2025-29513

    Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator....
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 6.1

    CVSS31
    CVE-2025-29512

    Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database....
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-28242

    Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack....
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-28238

    Improper session management in Elber REBLE310 Firmware v5.5.1.R, Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack....
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-28237

    An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload....
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-28236

    Nautel VX Series transmitters VX SW v6.4.0 and below were discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code via supplying a crafted update package...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-28235

    An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext....
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-28233

    Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract ses...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-28231

    Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges....
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-1697

    A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing s...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-28059

    An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails ...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2024-41447

    A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function....
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-32796

    Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal us...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 6.5

    CVSS31
    CVE-2025-32795

    Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-a...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-32792

    SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code i...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 7.5

    CVSS31
    CVE-2025-32442

    Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ cont...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-32434

    PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loa...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
  • 0.0

    NONE
    CVE-2025-32389

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refe...
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
Showing 20 of 423 Results
Latest DB Update: Apr. 18, 2025 20:20