Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2025-2782

    The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. Thi... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-2781

    The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. ... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-28097

    OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers.... Read more

    Affected Products : onenav onenav
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-28096

    OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.... Read more

    Affected Products : onenav onenav
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-28094

    shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.... Read more

    Affected Products : shopxo
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-28093

    ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.... Read more

    Affected Products : shopxo
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-28092

    ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.... Read more

    Affected Products : shopxo
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-28091

    maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.... Read more

    Affected Products : maccms
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-28090

    maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.... Read more

    Affected Products : maccms
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.1

    CRITICAL
    CVE-2025-28089

    maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.... Read more

    Affected Products : maccms
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-28087

    Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.... Read more

    Affected Products : online_exam_system
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25579

    TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-58130

    In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.... Read more

    Affected Products : misp
    • Published: Mar. 28, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-58129

    In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.... Read more

    Affected Products : misp
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-58128

    In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.... Read more

    Affected Products : misp
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-2927

    A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It is possible to la... Read more

    Affected Products : cdg
    • Published: Mar. 28, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-28256

    An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Mar. 28, 2025
    • Modified: Apr. 14, 2025

  • 5.4

    MEDIUM
    CVE-2025-28254

    Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions().... Read more

    Affected Products : leantime
    • Published: Mar. 28, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-22953

    A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can e... Read more

    Affected Products : human_capital_management
    • Published: Mar. 28, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-6875

    A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API.... Read more

    Affected Products : infinispan
    • Published: Mar. 28, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293414 Results