Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-21893

    In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put() Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key a... Read more

    Affected Products : linux_kernel
    • Published: Mar. 31, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-3008

    A vulnerability classified as critical has been found in Novastar CX40 up to 2.44.0. Affected is the function system/popen of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation leads to command injection. The exploit has... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-3007

    A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/net... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-31129

    Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x).... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-31128

    gifplayer is a customizable jquery plugin to play and stop animated gifs. gifplayer contains a cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 0.3.7.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-29908

    Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability (in the hash map used to manage connections) allows remote attackers to cause a considerable CPU load on the server ... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-3006

    A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-category.php?id=8. The manipulation of the argument Category leads to sql injection. The att... Read more

    Affected Products : e-diary_management_system
    • Published: Mar. 31, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-3005

    A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launc... Read more

    Affected Products : forestblog
    • Published: Mar. 31, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-3004

    A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The ... Read more

    Affected Products : forestblog
    • Published: Mar. 31, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-3003

    A vulnerability, which was classified as critical, was found in ESAFENET CDG 3. Affected is an unknown function of the file /CDGServer3/UserAjax. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotel... Read more

    Affected Products : cdg
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-31125

    Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. ... Read more

    Affected Products : vite
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    CRITICAL
    CVE-2025-31122

    scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-31117

    OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauth... Read more

    Affected Products : openemr
    • Published: Mar. 31, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-31116

    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to... Read more

    Affected Products : mobile_security_framework
    • Published: Mar. 31, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 2.7

    LOW
    CVE-2025-30369

    Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the ... Read more

    Affected Products : zulip zulip_server
    • Published: Mar. 31, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-30368

    Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefor... Read more

    Affected Products : zulip zulip_server
    • Published: Mar. 31, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2025-30223

    Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows atta... Read more

    Affected Products : beego
    • Published: Mar. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-30006

    Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-30005

    Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which will allow reading of arbitrary files and additionally delete any retrieved file in place of the expected report. This issue affects CompletePBX: all vers... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-30004

    Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing for attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection
Showing 20 of 292803 Results