Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2025-1780

    The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.25...

    • Published: Mar. 01, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2024-13358

    The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.24...

    • Published: Mar. 01, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-23119

    An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent network.

    • Published: Mar. 01, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authentication
  • 6.4

    MEDIUM
    CVE-2025-23118

    An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.

    • Published: Mar. 01, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Misconfiguration
  • 6.8

    MEDIUM
    CVE-2025-23117

    An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.

    • Published: Mar. 01, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Misconfiguration
  • 9.6

    CRITICAL
    CVE-2025-23116

    An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent network to take control of UniFi Protect Cameras.

    Affected Products : unifi_protect
    • Published: Mar. 01, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authentication
  • 9.0

    CRITICAL
    CVE-2025-23115

    A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras management network.

    • Published: Mar. 01, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Memory Corruption
  • 5.9

    MEDIUM
    CVE-2025-27416

    Scratch-Coding-Hut.github.io is the website for Coding Hut. The website as of 28 February 2025 contained a sign in with scratch username and password form. Any user who used the sign in page would be susceptible to any other user signing into their accoun...

    • Published: Mar. 01, 2025
    • Modified: Mar. 01, 2025
    • Vuln Type: Authentication
  • 8.4

    HIGH
    CVE-2025-25723

    Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.

    • Published: Feb. 28, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-25478

    The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application's source code, exposing sensitive information such as the database password.

    Affected Products : syspass
    • Published: Feb. 28, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure
  • 5.4

    MEDIUM
    CVE-2025-25476

    A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary JavaScript code by specifying a malicious XSS payload as a notification type or notification component.

    Affected Products : syspass
    • Published: Feb. 28, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.6

    CRITICAL
    CVE-2025-25379

    Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.

    Affected Products : 07flycms
    • Published: Feb. 28, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.9

    MEDIUM
    CVE-2025-26466

    A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client m...

    • Published: Feb. 28, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Denial of Service
  • 7.6

    HIGH
    CVE-2024-1509

    Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade at...

    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Misconfiguration
  • 4.6

    MEDIUM
    CVE-2025-27414

    MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized...

    Affected Products : minio
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-27413

    PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal (`../`) sequences. This is problematic for the template upd...

    Affected Products : pwndoc
    • Published: Feb. 28, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-27410

    PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriti...

    Affected Products : pwndoc
    • Published: Feb. 28, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Path Traversal
  • 6.3

    MEDIUM
    CVE-2025-0769

    PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-async-task.php.

    Affected Products : pixelyoursite
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Misconfiguration
  • 8.0

    HIGH
    CVE-2025-25635

    TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.

    Affected Products : a3002r_firmware a3002r
    • Published: Feb. 28, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption
  • 8.0

    HIGH
    CVE-2025-25610

    TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa.

    Affected Products : a3002r_firmware a3002r
    • Published: Feb. 28, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292247 Results