Latest CVE Feed
- CVE-2025-2583 (6.1 MEDIUM)
  A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initia...
  - Affected Products: simple_machines_forum
  - Published: Mar. 21, 2025
  - Modified: Apr. 21, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-2582 (5.4 MEDIUM)
  A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack ...
  - Affected Products: simple_machines_forum
  - Published: Mar. 21, 2025
  - Modified: Apr. 21, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2024-13903 (7.5 HIGH)
  A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflo...
  - Affected Products: quickjs
  - Published: Mar. 21, 2025
  - Modified: Mar. 24, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-30345 (4.1 MEDIUM)
  An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML ent...
  - Affected Products: openslides
  - Published: Mar. 21, 2025
  - Modified: Mar. 27, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-30344 (5.3 MEDIUM)
  An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the passwor...
  - Affected Products: openslides
  - Published: Mar. 21, 2025
  - Modified: Mar. 27, 2025
  - Vuln Type: Authentication
- CVE-2025-30343 (6.5 MEDIUM)
  A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If a...
  - Affected Products: openslides
  - Published: Mar. 21, 2025
  - Modified: Mar. 27, 2025
  - Vuln Type: Path Traversal
- CVE-2025-30342 (6.1 MEDIUM)
  An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to ...
  - Affected Products: openslides
  - Published: Mar. 21, 2025
  - Modified: Mar. 27, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2024-50053 (6.3 MEDIUM)
  Zohocorp ManageEngine ServiceDesk Plus versions below 14920, ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.
  - Published: Mar. 21, 2025
  - Modified: Mar. 27, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-2581 (7.5 HIGH)
  A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Up...
  - Affected Products: xmedcon
  - Published: Mar. 21, 2025
  - Modified: Mar. 27, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-26336 (9.8 CRITICAL)
  Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buff...
  - Published: Mar. 21, 2025
  - Modified: Mar. 27, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-2585 (8.8 HIGH)
  EBM Maintenance Center From EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
  - Published: Mar. 21, 2025
  - Modified: Mar. 21, 2025
  - Vuln Type: Injection
- CVE-2025-29814 (9.3 CRITICAL)
  Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
  - Affected Products: partner_center
  - Published: Mar. 21, 2025
  - Modified: Jul. 03, 2025
  - Vuln Type: Authorization
- CVE-2025-29807 (8.8 HIGH)
  Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
  - Affected Products: dataverse
  - Published: Mar. 21, 2025
  - Modified: Jul. 03, 2025
  - Vuln Type: Authentication
- CVE-2023-28207 (5.5 MEDIUM)
  The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A plug-in may be able to inherit app permissions and access user data.
  - Affected Products: macos
  - Published: Mar. 21, 2025
  - Modified: Mar. 25, 2025
  - Vuln Type: Authorization
- CVE-2024-54564 (6.5 MEDIUM)
  This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied.
  - Published: Mar. 21, 2025
  - Modified: Mar. 25, 2025
- CVE-2024-54551 (7.5 HIGH)
  The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
  - Published: Mar. 21, 2025
  - Modified: Mar. 24, 2025
  - Vuln Type: Memory Corruption
- CVE-2024-44305 (7.8 HIGH)
  This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges.
  - Affected Products: macos
  - Published: Mar. 21, 2025
  - Modified: Mar. 24, 2025
  - Vuln Type: Authorization
- CVE-2024-44199 (7.1 HIGH)
  An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory.
  - Affected Products: macos
  - Published: Mar. 21, 2025
  - Modified: Mar. 24, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-30334 (7.1 HIGH)
  In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash.
  - Published: Mar. 20, 2025
  - Modified: Mar. 20, 2025
  - Vuln Type: Denial of Service
- CVE-2025-2574 (2.1 LOW)
  Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code.
  - Affected Products: xpdf
  - Published: Mar. 20, 2025
  - Modified: Mar. 20, 2025
  - Vuln Type: Memory Corruption