Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-53307

    A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products : maps
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-52812

    LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, afte... Read more

    Affected Products : ekuiper
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-24813

    Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0... Read more

    • Actively Exploited
    • Published: Mar. 10, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-25977

    An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.... Read more

    Affected Products : canvg
    • Published: Mar. 10, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-25940

    VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java.... Read more

    Affected Products : visicut
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2025-25382

    An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request.... Read more

    Affected Products : sanchaya
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2024-52905

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.... Read more

    • Published: Mar. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-47109

    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.... Read more

    • Published: Mar. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 10.0

    CRITICAL
    CVE-2025-26936

    Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-26933

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from ... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Path Traversal

  • 9.0

    CRITICAL
    CVE-2025-26916

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EPC Massive Dynamic. This issue affects Massive Dynamic: from n/a through 8.2.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-26910

    Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.... Read more

    Affected Products : wpbookit wpbookit
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-25620

    Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.... Read more

    Affected Products : unifiedtransform
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-25614

    Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.... Read more

    Affected Products : unifiedtransform
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2024-12604

    Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue aff... Read more

    Affected Products : tap\&sign
    • Published: Mar. 10, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-2153

    A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attac... Read more

    Affected Products : hdf5
    • Published: Mar. 10, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-2152

    A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation l... Read more

    Affected Products : assimp
    • Published: Mar. 10, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-26865

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18.   It's a regression between 18.12.17 and 18.12.18. In case you use something like that, ... Read more

    Affected Products : ofbiz
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025

  • 7.6

    HIGH
    CVE-2025-25616

    Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.... Read more

    Affected Products : unifiedtransform
    • Published: Mar. 10, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authorization

  • 6.0

    MEDIUM
    CVE-2025-25615

    Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.... Read more

    Affected Products : unifiedtransform
    • Published: Mar. 10, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authorization
Showing 20 of 292767 Results