Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-26002

    Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost.... Read more

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • Published: Mar. 26, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-26001

    Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword.... Read more

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • Published: Mar. 26, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-25535

    HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-30353

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thr... Read more

    Affected Products : directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-30352

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the `search` query parameter allows users with access to a collection to filter items based on fields they do n... Read more

    Affected Products : directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-30351

    Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happen... Read more

    Affected Products : directus
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-2600

    Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affec... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-2562

    Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This is... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 3.6

    LOW
    CVE-2025-2528

    Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Deskto... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-2499

    Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permiss... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2024-41643

    An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component.... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-30350

    Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is... Read more

    Affected Products : directus
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-30225

    Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is... Read more

    Affected Products : directus
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-30217

    Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.... Read more

    Affected Products : frappe
    • Published: Mar. 26, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-30164

    Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that... Read more

    Affected Products : icinga_web_2
    • Published: Mar. 26, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-27609

    Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a request that, once transmitted to a victim's Icinga Web, allows to embed a... Read more

    Affected Products : icinga_web_2
    • Published: Mar. 26, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-2783

    Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)... Read more

    Affected Products : chrome windows edge_chromium
    • Actively Exploited
    • Published: Mar. 26, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2025-2098

    Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-27406

    Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows to set up a template that allows to embed arbitrary Ja... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-27405

    Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript i... Read more

    Affected Products : icinga_web_2
    • Published: Mar. 26, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291779 Results