Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-25363

    An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary Javascript in context of a user... Read more

    Affected Products : enterprise_mail_handler
    • Published: Mar. 13, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-24053

    Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : dataverse
    • Published: Mar. 13, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-30143

    HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or takeover the application or ... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-2284

    A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".... Read more

    Affected Products : sante_pacs_server
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-2265

    The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash c... Read more

    Affected Products : sante_pacs_server
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-2264

    A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.... Read more

    Affected Products : sante_pacs_server
    • Published: Mar. 13, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-2263

    During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflo... Read more

    Affected Products : sante_pacs_server
    • Published: Mar. 13, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-2081

    Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-2080

    Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the produ... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-2079

    Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-29773

    Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with accou... Read more

    Affected Products : froxlor
    • Published: Mar. 13, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2025-29768

    Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filen... Read more

    Affected Products : vim bootstrap_os hci_compute_node
    • Published: Mar. 13, 2025
    • Modified: Aug. 18, 2025

  • 6.1

    MEDIUM
    CVE-2025-28011

    A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.... Read more

    • Published: Mar. 13, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-27138

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerabili... Read more

    Affected Products : dataease
    • Published: Mar. 13, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-27107

    Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable ... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-27103

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The... Read more

    Affected Products : dataease
    • Published: Mar. 13, 2025
    • Modified: Mar. 28, 2025

  • 7.3

    HIGH
    CVE-2025-24974

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No kno... Read more

    Affected Products : dataease
    • Published: Mar. 13, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-1767

    This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, ... Read more

    Affected Products : kubernetes
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-1652

    A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the... Read more

    • Published: Mar. 13, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1651

    A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the... Read more

    • Published: Mar. 13, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292907 Results