Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-24915

    When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories.  This could allow for local privilege escalation if users had not secured the directori... Read more

    Affected Products : nessus
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authorization

  • 5.2

    MEDIUM
    CVE-2021-25635

    An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algor... Read more

    Affected Products : libreoffice
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-2592

    A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buff... Read more

    Affected Products : assimp
    • Published: Mar. 21, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-2591

    A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwid... Read more

    Affected Products : assimp
    • Published: Mar. 21, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2024-57490

    Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw.... Read more

    Affected Products : ioffice20
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-2590

    A vulnerability was found in code-projects Human Resource Management System 1.0.1. It has been classified as problematic. Affected is the function UpdateRecruitmentById of the file \handler\recruitment.go. The manipulation of the argument c leads to cross... Read more

    Affected Products : human_resource_management
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-2589

    A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorizati... Read more

    Affected Products : human_resource_management
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-2597

    Reflected Cross-Site Scripting (XSS) in ITIUM 6050 version 5.5.5.2-b3526 from Impact Technologies. This vulnerability could allow an attacker to execute malicious Javascript code via GET and POST requests to the ‘/index.php’ endpoint and injecting code in... Read more

    Affected Products : itium_6050_firmware itium_6050
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-2588

    A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally i... Read more

    Affected Products : augeas
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-2587

    A vulnerability, which was classified as critical, was found in Jinher OA C6 1.0. This affects an unknown part of the file IncentivePlanFulfillAppprove.aspx. The manipulation of the argument httpOID leads to sql injection. It is possible to initiate the a... Read more

    Affected Products : jinher_oa_c6
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-30179

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-27933

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public... Read more

    Affected Products : mattermost_server
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 3.3

    LOW
    CVE-2025-27715

    Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-25274

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-25068

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-24920

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2025-2584

    A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to h... Read more

    Affected Products : wabt
    • Published: Mar. 21, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2025-30348

    encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).... Read more

    Affected Products : qt
    • Published: Mar. 21, 2025
    • Modified: Mar. 24, 2025

  • 7.5

    HIGH
    CVE-2025-30347

    Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.... Read more

    Affected Products : varnish_enterprise
    • Published: Mar. 21, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-30346

    Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.... Read more

    • Published: Mar. 21, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291736 Results