Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • CVE-2025-1877 (CVSS 7.5, HIGH)
    A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possib...
    Affected Products: dap-1562_firmware dap-1562
    • Published: Mar. 03, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Denial of Service
  • CVE-2024-30154 (CVSS 5.7, MEDIUM)
    HCL SX is vulnerable to a cross-site request forgery vulnerability, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts....
    Affected Products: hcl_sx
    • Published: Mar. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Request Forgery
  • CVE-2025-27371 (CVSS 6.9, MEDIUM)
    In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC ...
    Affected Products:
    • Published: Mar. 03, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authentication
  • CVE-2025-27370 (CVSS 6.9, MEDIUM)
    OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the...
    Affected Products: openid_connect
    • Published: Mar. 03, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authentication
  • CVE-2025-0686 (CVSS 6.4, MEDIUM)
    A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integ...
    Affected Products: grub2
    • Published: Mar. 03, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption
  • CVE-2025-0685 (CVSS 6.4, MEDIUM)
    A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A mal...
    Affected Products: grub2
    • Published: Mar. 03, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption
  • CVE-2025-0684 (CVSS 6.4, MEDIUM)
    A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer...
    Affected Products: grub2
    • Published: Mar. 03, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption
  • CVE-2024-53384 (CVSS 5.1, MEDIUM)
    A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components...
    Affected Products: tsup
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • CVE-2024-51091 (CVSS 5.4, MEDIUM)
    A Cross Site Scripting vulnerability in seajs v2.2.3 allows a remote attacker to execute arbitrary code via the seajs package...
    Affected Products: seajs
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • CVE-2023-49031 (CVSS 5.1, MEDIUM)
    A Directory Traversal (Local File Inclusion) vulnerability in the Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a crafted payload to the filename parameter to the OpenLogFi...
    Affected Products: tikit_emarketing
    • Published: Mar. 03, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Path Traversal
  • CVE-2025-27498 (CVSS 5.6, MEDIUM)
    aes-gcm is a pure Rust implementation of AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, tag verification ca...
    Affected Products: aes-gcm
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cryptography
  • CVE-2025-27423 (CVSS 7.1, HIGH)
    Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, which allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to app...
    Affected Products: vim hci_compute_node
    • Published: Mar. 03, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection
  • CVE-2025-27422 (CVSS 7.5, HIGH)
    FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation r...
    Affected Products:
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Authentication
  • CVE-2025-27421 (CVSS 7.5, HIGH)
    Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the ...
    Affected Products:
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Denial of Service
  • CVE-2025-25303 (CVSS 6.9, MEDIUM)
    The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as the file to dow...
    Affected Products:
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Server-Side Request Forgery
  • CVE-2025-25302 (CVSS 8.7, HIGH)
    Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authent...
    Affected Products: rembg
    • Published: Mar. 03, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Misconfiguration
  • CVE-2025-25301 (CVSS 7.5, HIGH)
    Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures host...
    Affected Products: rembg
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Information Disclosure
  • CVE-2025-1876 (CVSS 9.8, CRITICAL)
    A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based ...
    Affected Products: dap-1562_firmware dap-1562
    • Published: Mar. 03, 2025
    • Modified: May. 21, 2025
  • CVE-2025-0678 (CVSS 7.8, HIGH)
    A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A mal...
    • Published: Mar. 03, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Memory Corruption
  • CVE-2025-0289 (CVSS 7.8, HIGH)
    Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allow an attacker the ability to compromise...
    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authorization