Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    CRITICAL
    CVE-2025-29783

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP on all network interfaces will allow attackers to execute remote code on di... Read more

    Affected Products : vllm
    • Published: Mar. 19, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-29770

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled gram... Read more

    Affected Products : vllm
    • Published: Mar. 19, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-29401

    An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : emlog
    • Published: Mar. 19, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-29137

    Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE.... Read more

    Affected Products : ac7_firmware ac7
    • Published: Mar. 19, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 6.0

    MEDIUM
    CVE-2025-26486

    Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cryptography

  • 5.8

    MEDIUM
    CVE-2025-26485

    A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts (in case of the usage of a wrong password or a non existent user). The difference in the returned error messages could be used by att... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-26475

    Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensur... Read more

    Affected Products : secure_connect_gateway
    • Published: Mar. 19, 2025
    • Modified: May. 20, 2025

  • 5.8

    MEDIUM
    CVE-2025-23382

    Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vu... Read more

    Affected Products : secure_connect_gateway
    • Published: Mar. 19, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-1758

    Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above... Read more

    • Published: Mar. 19, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-1472

    Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics.... Read more

    Affected Products : mattermost_server
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authorization

  • 8.0

    HIGH
    CVE-2024-42176

    HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential allowing an attacker to potentially obtain access to a user's account or sensitive ... Read more

    Affected Products : dryice_myxalytics
    • Published: Mar. 19, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2024-55551

    An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can fur... Read more

    Affected Products : jdbc_driver
    • Published: Mar. 19, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2512

    The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthentica... Read more

    Affected Products : file_away
    • Published: Mar. 19, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 4.9

    MEDIUM
    CVE-2025-2511

    The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi... Read more

    Affected Products : ahathat
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2024-45644

    IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment.... Read more

    Affected Products : linux_kernel security_qradar_edr
    • Published: Mar. 19, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2024-13933

    The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the foodbakery_var_backup_fil... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2024-13442

    The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to (1) performing a post-booki... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-12920

    The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_del... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-27018

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cau... Read more

    Affected Products : apache-airflow-providers-mysql
    • Published: Mar. 19, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-13790

    The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to inclu... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293335 Results