Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2025-2312

    A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-58105

    A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered ... Read more

    Affected Products : apex_one
    • Published: Mar. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-58104

    A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ab... Read more

    Affected Products : apex_one
    • Published: Mar. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 8.0

    HIGH
    CVE-2025-30214

    Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no worka... Read more

    Affected Products : frappe
    • Published: Mar. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-30213

    Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vul... Read more

    Affected Products : frappe
    • Published: Mar. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30212

    Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to access sensitive information. Versions 14.89.0 and 15.51.... Read more

    Affected Products : frappe
    • Published: Mar. 25, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-2532

    Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerabili... Read more

    Affected Products : keyshot
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-2531

    Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this ... Read more

    Affected Products : keyshot
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-2530

    Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit ... Read more

    Affected Products : keyshot
    • Published: Mar. 25, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-27147

    The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 ... Read more

    Affected Products : glpi_inventory
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-26742

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35.... Read more

    Affected Products : gallery_for_social_photo
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-55604

    Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith pri... Read more

    Affected Products : appsmith
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Information Disclosure

  • 9.4

    CRITICAL
    CVE-2025-30091

    In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into conf... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-29635

    A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote com... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-22230

    VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.... Read more

    Affected Products : tools
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-42533

    SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter.... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2025-29932

    In JetBrains GoLand before 2025.1 an XXE during debugging was possible... Read more

    Affected Products : goland
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: XML External Entity

  • 6.1

    MEDIUM
    CVE-2025-27633

    The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system.... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-27632

    A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-27631

    The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.... Read more

    Affected Products :
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection
Showing 20 of 291871 Results