Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-25042

    A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potent... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-25040

    A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The ... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-24801

    GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.... Read more

    Affected Products : glpi
    • Published: Mar. 18, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-24799

    GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.... Read more

    Affected Products : glpi
    • Published: Mar. 18, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-21619

    GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.... Read more

    Affected Products : glpi
    • Published: Mar. 18, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-2487

    A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MOD... Read more

    • Published: Mar. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-26138

    Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement th... Read more

    Affected Products : risk_value
    • Published: Mar. 18, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-26137

    Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensitive information.... Read more

    Affected Products : risk_value
    • Published: Mar. 18, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-25595

    A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack.... Read more

    Affected Products : safe
    • Published: Mar. 18, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication

  • 9.6

    CRITICAL
    CVE-2024-56347

    IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.... Read more

    Affected Products : aix
    • Published: Mar. 18, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2024-56346

    IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.... Read more

    Affected Products : aix
    • Published: Mar. 18, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-27688

    Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.... Read more

    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-25589

    An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: XML External Entity

  • 4.2

    MEDIUM
    CVE-2025-25586

    yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-25582

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-57170

    SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences (e.g., ../). This vulnerability enables... Read more

    Affected Products : soplanning
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-57169

    A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files.... Read more

    Affected Products : soplanning
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-30132

    An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and ... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-30123

    An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-30122

    An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication
Showing 20 of 293304 Results