Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2025-1724

    Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token.... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-2396

    The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more

    Affected Products : u-office_force
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-2395

    The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.... Read more

    Affected Products : u-office_force
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-2364

    A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function addNewArticle of the file blogserver/src/main/java/org/sang/service/ArticleService.java. The manipulation of the argument mdCont... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-2363

    A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Affected is the function uploadImg of the file blogserver/src/main/java/org/sang/controller/ArticleController.java. The manipulation of the argument filename leads to path t... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-2362

    A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The atta... Read more

    Affected Products : pre-school_enrollment_system
    • Published: Mar. 17, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-2361

    A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-2360

    A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to i... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Mar. 17, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-2359

    A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authoriza... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Mar. 17, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-2358

    A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Handler. The manipul... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-2357

    A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit ha... Read more

    Affected Products : dcmtk
    • Published: Mar. 17, 2025
    • Modified: Jun. 23, 2025

  • 6.3

    MEDIUM
    CVE-2025-2356

    A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is ... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025

  • 4.8

    MEDIUM
    CVE-2025-2355

    A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-30089

    gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-2354

    A vulnerability has been found in VAM Virtual Airlines Manager 2.6.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vam/index.php. The manipulation of the argument registry_id/plane_icao/hub_id leads... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-2353

    A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registry_... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-2352

    A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName lea... Read more

    Affected Products : starsea-mall
    • Published: Mar. 16, 2025
    • Modified: Mar. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-2351

    A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection. The at... Read more

    Affected Products :
    • Published: Mar. 16, 2025
    • Modified: Mar. 16, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-2350

    A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to the local network... Read more

    Affected Products :
    • Published: Mar. 16, 2025
    • Modified: Mar. 16, 2025

  • 3.1

    LOW
    CVE-2025-2349

    A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to passw... Read more

    Affected Products :
    • Published: Mar. 16, 2025
    • Modified: Mar. 16, 2025
    • Vuln Type: Authentication
Showing 20 of 293329 Results