Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-2308

    A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be app...

    Affected Products : hdf5
    • Published: Mar. 14, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
  • 6.4

    MEDIUM
    CVE-2025-29782

    WeGIA is a Web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers ...

    Affected Products : wegia
    • Published: Mar. 14, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-29771

    HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a `contentEditable` element to set the element's `innerHTML` to a sanitized string produced by the package. If ...

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.8

    MEDIUM
    CVE-2025-29780

    Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the `feldman_vss` library contains timing side-channel vulnerabilities in its matr...

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cryptography
  • 5.4

    MEDIUM
    CVE-2025-29779

    Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the `secure_redundant_execution` function in feldman_vss.py attempts to mitigate f...

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Misconfiguration
  • 9.3

    CRITICAL
    CVE-2025-29775

    xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-cry...

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 15, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-26312

    SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass by removing the Captcha parameter.

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authentication
  • 8.7

    HIGH
    CVE-2024-54449

    The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facili...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Misconfiguration
  • 8.6

    HIGH
    CVE-2024-54448

    The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is ne...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2024-54447

    Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the p...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2024-54446

    Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on t...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection
  • 8.7

    HIGH
    CVE-2024-54445

    Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presen...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection
  • 5.5

    MEDIUM
    CVE-2024-29409

    File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.

    Affected Products : nest
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
  • 8.7

    HIGH
    CVE-2024-12245

    Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the prese...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2024-12020

    There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possibl...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2024-12019

    The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with ‘read’ and ‘download’ privileges on at least one existing do...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Information Disclosure
  • 9.3

    CRITICAL
    CVE-2025-29774

    xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-cry...

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 15, 2025
  • 7.1

    HIGH
    CVE-2025-29387

    In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-29386

    In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-29385

    In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption