Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-25036

    Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.This issue affects all versions of JPlatform 10 before 10.0.8 (SP8).... Read more

    Affected Products :
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: XML External Entity

  • 7.3

    HIGH
    CVE-2025-25035

    Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS.This issue affects JPlatform 10: before 10.0.8 (SP8), before 10.0.7 (SP7), before 10.0.6 (SP6) an... Read more

    Affected Products :
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-30349

    Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute (that may use base64-encoded JavaScript code), as exploited in th... Read more

    Affected Products : imp
    • Published: Mar. 21, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-29230

    Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter.... Read more

    Affected Products : e5600_firmware e5600
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-29227

    In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter.... Read more

    Affected Products : e5600_firmware e5600
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-29226

    In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter.... Read more

    Affected Products : e5600_firmware e5600
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-29223

    Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function.... Read more

    Affected Products : e5600_firmware e5600
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-53351

    Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.... Read more

    Affected Products : pipecd
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2024-53350

    Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges.... Read more

    Affected Products : kubeslice
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.4

    HIGH
    CVE-2024-53349

    Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster... Read more

    Affected Products : kuadrant
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2024-53348

    LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges.... Read more

    Affected Products : loxilb
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2023-43029

    IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment.... Read more

    • Published: Mar. 21, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2019-16151

    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to ... Read more

    Affected Products : fortios
    • Published: Mar. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-30168

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication p... Read more

    Affected Products : parse-server
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30157

    Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A kn... Read more

    Affected Products : envoy
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-2598

    When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this... Read more

    Affected Products :
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-2593

    A vulnerability has been found in FastCMS up to 0.1.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/client/article/list. The manipulation of the argument orderBy leads to sql injection. The attack ... Read more

    Affected Products : fastcms fastcms
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-29927

    Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization c... Read more

    Affected Products : next.js
    • Published: Mar. 21, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-29641

    Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL Injection in /index.php via the 'searchinputdata' parameter.... Read more

    Affected Products : vehicle_record_management_system
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-29640

    Phpgurukul Human Metapneumovirus (HMPV) – Testing Management System v1.0 is vulnerable to SQL Injection in /patient-report.php via the parameter searchdata..... Read more

    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection
Showing 20 of 291737 Results