Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2024-53348

    LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges.... Read more

    Affected Products : loxilb
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2023-43029

    IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment.... Read more

    • Published: Mar. 21, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2019-16151

    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to ... Read more

    Affected Products : fortios
    • Published: Mar. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-30168

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication p... Read more

    Affected Products : parse-server
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30157

    Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A kn... Read more

    Affected Products : envoy
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-2598

    When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this... Read more

    Affected Products :
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-2593

    A vulnerability has been found in FastCMS up to 0.1.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/client/article/list. The manipulation of the argument orderBy leads to sql injection. The attack ... Read more

    Affected Products : fastcms fastcms
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-29927

    Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization c... Read more

    Affected Products : next.js
    • Published: Mar. 21, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-29641

    Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL Injection in /index.php via the 'searchinputdata' parameter.... Read more

    Affected Products : vehicle_record_management_system
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-29640

    Phpgurukul Human Metapneumovirus (HMPV) – Testing Management System v1.0 is vulnerable to SQL Injection in /patient-report.php via the parameter searchdata..... Read more

    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2025-27612

    libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to a... Read more

    Affected Products :
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-24915

    When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories.  This could allow for local privilege escalation if users had not secured the directori... Read more

    Affected Products : nessus
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authorization

  • 5.2

    MEDIUM
    CVE-2021-25635

    An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algor... Read more

    Affected Products : libreoffice
    • Published: Mar. 21, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-2592

    A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buff... Read more

    Affected Products : assimp
    • Published: Mar. 21, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-2591

    A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwid... Read more

    Affected Products : assimp
    • Published: Mar. 21, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2024-57490

    Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw.... Read more

    Affected Products : ioffice20
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-2590

    A vulnerability was found in code-projects Human Resource Management System 1.0.1. It has been classified as problematic. Affected is the function UpdateRecruitmentById of the file \handler\recruitment.go. The manipulation of the argument c leads to cross... Read more

    Affected Products : human_resource_management
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-2589

    A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorizati... Read more

    Affected Products : human_resource_management
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-2597

    Reflected Cross-Site Scripting (XSS) in ITIUM 6050 version 5.5.5.2-b3526 from Impact Technologies. This vulnerability could allow an attacker to execute malicious Javascript code via GET and POST requests to the ‘/index.php’ endpoint and injecting code in... Read more

    Affected Products : itium_6050_firmware itium_6050
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-2588

    A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally i... Read more

    Affected Products : augeas
    • Published: Mar. 21, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292767 Results