Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-2919

    A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible t... Read more

    • Published: Mar. 28, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-2917

    A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch t... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Mar. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-2916

    A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command inj... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-2915

    A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking loca... Read more

    Affected Products : hdf5
    • Published: Mar. 28, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-2914

    A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is re... Read more

    Affected Products : hdf5
    • Published: Mar. 28, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-2913

    A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be a... Read more

    Affected Products : hdf5
    • Published: Mar. 28, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-2912

    A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The at... Read more

    Affected Products : hdf5
    • Published: Mar. 28, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-2713

    Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with ro... Read more

    Affected Products : gvisor
    • Published: Mar. 28, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31010

    Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Cross Site Request Forgery. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-30372

    Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL d... Read more

    Affected Products : emlog
    • Published: Mar. 28, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Injection

  • 2.1

    LOW
    CVE-2025-30371

    Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are us... Read more

    Affected Products : metabase
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-30211

    Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on a... Read more

    Affected Products : otp
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Denial of Service

  • 8.0

    HIGH
    CVE-2025-29928

    authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage (which is a non-default setting), deleting sessions via the Web Interface or the API would not r... Read more

    Affected Products : authentik
    • Published: Mar. 28, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-22767

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in globalpayments GlobalPayments WooCommerce allows Reflected XSS. This issue affects GlobalPayments WooCommerce: from n/a through 1.13.0.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22575

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22566

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ULTIMATE VIDEO GALLERY allows Reflected XSS. This issue affects ULTIMATE VIDEO GALLERY: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-22526

    Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL CPU performance statistics allows Object Injection. This issue affects PHP/MySQL CPU performance statistics: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-22523

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.... Read more

    Affected Products : schedule
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-22501

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City allows Reflected XSS. This issue affects Improve My City: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-22360

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Azure offload allows Reflected XSS. This issue affects WP Azure offload: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292759 Results