Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2025-30222

    Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure `shell: 'cmd.exe'` or ... Read more

    Affected Products : shescape
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-30219

    RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScr... Read more

    Affected Products : rabbitmq rabbitmq_server
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-30741

    Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance.... Read more

    Affected Products : pixelfed
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-29789

    OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.... Read more

    Affected Products : openemr
    • Published: Mar. 25, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-27837

    An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.... Read more

    Affected Products : ghostscript
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-27836

    An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.... Read more

    Affected Products : ghostscript
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27835

    An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.... Read more

    Affected Products : ghostscript
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27834

    An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.... Read more

    Affected Products : ghostscript
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27833

    An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.... Read more

    Affected Products : ghostscript
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-27832

    An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.... Read more

    Affected Products : ghostscript
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-27831

    An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.... Read more

    Affected Products : ghostscript
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27830

    An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.... Read more

    Affected Products : ghostscript
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-25374

    In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service.... Read more

    Affected Products : cfs
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-25373

    The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform.... Read more

    Affected Products : cfs
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-25372

    NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module.... Read more

    Affected Products : cfs
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-25371

    NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system.... Read more

    Affected Products : cfs
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-55030

    A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands.... Read more

    Affected Products : fprime
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-55029

    NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.... Read more

    Affected Products : fprime
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55028

    A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file.... Read more

    Affected Products : fprime
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-30216

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and pr... Read more

    Affected Products : cryptolib
    • Published: Mar. 25, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291756 Results