Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 2.1

    LOW
    CVE-2025-3154

    Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary....

    Affected Products : xpdf
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2025-3123

    A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. ...

    Affected Products : wondercms
    • Published: Apr. 02, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-3130

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.1....

    Affected Products : drupal obfuscate
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-3129

    Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.4....

    Affected Products : access_code
    • Published: Apr. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication
  • 3.1

    LOW
    CVE-2025-3122

    A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer der...

    Affected Products : wabt
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-3121

    A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been d...

    Affected Products : pytorch
    • Published: Apr. 02, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-3120

    A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to sql injec...

    • Published: Apr. 02, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-3119

    A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql injection. The at...

    Affected Products : online_tutor_portal
    • Published: Apr. 02, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2025-31484

    conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any...

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization
  • 8.2

    HIGH
    CVE-2025-31479

    canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUB_TOKEN. I...

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-31477

    The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the syste...

    Affected Products : plugin-shell
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration
  • 5.9

    MEDIUM
    CVE-2025-30218

    Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, eve...

    Affected Products : next.js
    • Published: Apr. 02, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration
  • 1.0

    LOW
    CVE-2025-27608

    Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manage...

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-0257

    HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service....

    Affected Products : hcl_launch hcl_devops_deploy
    • Published: Apr. 02, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-3118

    A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been classified as critical. This affects an unknown part of the file /tutor/courses/view_course.php. The manipulation of the argument ID leads to sql injection. It is possible to...

    Affected Products : online_tutor_portal
    • Published: Apr. 02, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-30080

    Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort)....

    Affected Products : pexip_infinity
    • Published: Apr. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-2704

    OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

    Affected Products : openvpn
    • Published: Apr. 02, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Denial of Service
  • 6.1

    MEDIUM
    CVE-2025-29719

    SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add_employee.php via the First Name and Address text fields....

    Affected Products : employee_management_system
    • Published: Apr. 02, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-29085

    SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component....

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-29063

    An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg, which is not handled properly....

    Affected Products : bl-ac2100_firmware bl-ac2100
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection
Showing 20 of 293351 Results