Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-2148

    A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None lead... Read more

    Affected Products : pytorch pytorch
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1945

    picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetec... Read more

    Affected Products : picklescan
    • Published: Mar. 10, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Supply Chain

  • 6.5

    MEDIUM
    CVE-2025-1944

    picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the director... Read more

    Affected Products : picklescan
    • Published: Mar. 10, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-2147

    A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to files or directories accessi... Read more

    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-24387

    A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, perform... Read more

    Affected Products : otrs
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2024-13919

    The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.... Read more

    Affected Products : framework
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2024-13918

    The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.... Read more

    Affected Products : framework
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-27257

    Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervi... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-27256

    Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a ma... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-27255

    Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-27254

    Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication Bypass.  The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-27253

    An improper input validation in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that enstablishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the att... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-2150

    The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email... Read more

    Affected Products : c\&cm\@il
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-11638

    The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as ... Read more

    Affected Products : gtbabel
    • Published: Mar. 10, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-1926

    The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post funct... Read more

    Affected Products : pagelayer
    • Published: Mar. 10, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2024-43107

    Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2024-41724

    Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Cryptography

  • 4.8

    MEDIUM
    CVE-2025-2133

    A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be la... Read more

    Affected Products : ftcms
    • Published: Mar. 10, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-2132

    A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists of the component Search. The manipulation of the argument name leads to sql injection. It is possible to la... Read more

    Affected Products : ftcms
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-2131

    A vulnerability was found in dayrui XunRuiCMS up to 4.6.3. It has been rated as problematic. This issue affects some unknown processing of the component Friendly Links Handler. The manipulation of the argument Website Address leads to cross site scripting... Read more

    Affected Products : xunruicms
    • Published: Mar. 09, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292763 Results