Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-2153

    A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attac... Read more

    Affected Products : hdf5
    • Published: Mar. 10, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-2152

    A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation l... Read more

    Affected Products : assimp
    • Published: Mar. 10, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-26865

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18.   It's a regression between 18.12.17 and 18.12.18. In case you use something like that, ... Read more

    Affected Products : ofbiz
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025

  • 7.6

    HIGH
    CVE-2025-25616

    Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.... Read more

    Affected Products : unifiedtransform
    • Published: Mar. 10, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authorization

  • 6.0

    MEDIUM
    CVE-2025-25615

    Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.... Read more

    Affected Products : unifiedtransform
    • Published: Mar. 10, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-1497

    A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software r... Read more

    Affected Products : plotai
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2024-57492

    An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page funciton.... Read more

    Affected Products : redox
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-2151

    A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buff... Read more

    Affected Products : assimp
    • Published: Mar. 10, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 2.5

    LOW
    CVE-2025-2149

    A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initializ... Read more

    Affected Products : pytorch pytorch
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-2148

    A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None lead... Read more

    Affected Products : pytorch pytorch
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1945

    picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetec... Read more

    Affected Products : picklescan
    • Published: Mar. 10, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Supply Chain

  • 6.5

    MEDIUM
    CVE-2025-1944

    picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the director... Read more

    Affected Products : picklescan
    • Published: Mar. 10, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-2147

    A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to files or directories accessi... Read more

    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-24387

    A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, perform... Read more

    Affected Products : otrs
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2024-13919

    The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.... Read more

    Affected Products : framework
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2024-13918

    The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.... Read more

    Affected Products : framework
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-27257

    Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervi... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-27256

    Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a ma... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-27255

    Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-27254

    Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication Bypass.  The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication
Showing 20 of 292772 Results