Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-25302

    Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authent... Read more

    Affected Products : rembg
    • Published: Mar. 03, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-25301

    Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures host... Read more

    Affected Products : rembg
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-1876

    A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based ... Read more

    Affected Products : dap-1562_firmware dap-1562
    • Published: Mar. 03, 2025
    • Modified: May. 21, 2025

  • 7.8

    HIGH
    CVE-2025-0678

    A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A mal... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-0289

    Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-0288

    Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary ker... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-0287

    Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating ... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-0286

    Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the vi... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-0285

    Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation e... Read more

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-57240

    A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file.... Read more

    Affected Products : webviewer
    • Published: Mar. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-53388

    A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element.... Read more

    Affected Products : mavo
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-53387

    A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element.... Read more

    Affected Products : umeditor
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-45782

    A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may r... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-45778

    A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-27420

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the atendido_parentesco_adicionar.php endpoint of the WeGIA application. This vulnerability... Read more

    Affected Products : wegia
    • Published: Mar. 03, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.2

    CRITICAL
    CVE-2025-27419

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Denial of Service (DoS) vulnerability exists in WeGIA. This vulnerability allows any unauthenticated user to cause the server to become unresponsive by perfo... Read more

    Affected Products : wegia
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-27418

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_tipo_atendido.php endpoint of the WeGIA application. This vulnerability allow... Read more

    Affected Products : wegia
    • Published: Mar. 03, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-27417

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_status_atendido.php endpoint of the WeGIA application. This vulnerability all... Read more

    Affected Products : wegia
    • Published: Mar. 03, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-27099

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timefr... Read more

    Affected Products : tuleap
    • Published: Mar. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-27094

    Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribu... Read more

    Affected Products : tuleap
    • Published: Mar. 03, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292228 Results