Latest CVE Feed
- CVE-2025-20903 (CVSS 7.3, HIGH)
  Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability....
  Affected Products: android
  Published: Mar. 06, 2025 | Modified: Mar. 06, 2025
  Vuln Type: Authorization
- CVE-2025-1979 (CVSS 6.4, MEDIUM)
  Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could pote...
  Affected Products: ray
  Published: Mar. 06, 2025 | Modified: Mar. 06, 2025
  Vuln Type: Information Disclosure
- CVE-2025-24864 (CVSS 7.8, HIGH)
  Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem...
  Published: Mar. 06, 2025 | Modified: Mar. 06, 2025
  Vuln Type: Authorization
- CVE-2025-22447 (CVSS 7.8, HIGH)
  Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSyste...
  Published: Mar. 06, 2025 | Modified: Mar. 06, 2025
- CVE-2025-27625 (CVSS 4.3, MEDIUM)
  In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, b...
  Affected Products: jenkins
  Published: Mar. 05, 2025 | Modified: Jun. 24, 2025
  Vuln Type: Misconfiguration
- CVE-2025-27624 (CVSS 5.4, MEDIUM)
  A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets)....
  Affected Products: jenkins
  Published: Mar. 05, 2025 | Modified: Jun. 24, 2025
  Vuln Type: Cross-Site Request Forgery
- CVE-2025-27623 (CVSS 4.3, MEDIUM)
  Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets....
  Affected Products: jenkins
  Published: Mar. 05, 2025 | Modified: Jun. 24, 2025
  Vuln Type: Information Disclosure
- CVE-2025-27622 (CVSS 4.3, MEDIUM)
  Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets....
  Affected Products: jenkins
  Published: Mar. 05, 2025 | Modified: Jun. 24, 2025
  Vuln Type: Information Disclosure
- CVE-2025-27508 (CVSS 7.5, HIGH)
  Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, ...
  Affected Products: emissary
  Published: Mar. 05, 2025 | Modified: Mar. 07, 2025
  Vuln Type: Cryptography
- CVE-2025-27516 (CVSS 5.4, MEDIUM)
  Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulne...
  Affected Products: jinja
  Published: Mar. 05, 2025 | Modified: May. 01, 2025
  Vuln Type: Injection
- CVE-2025-25634 (CVSS 6.5, MEDIUM)
  A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow....
  Published: Mar. 05, 2025 | Modified: Apr. 10, 2025
  Vuln Type: Memory Corruption
- CVE-2025-25632 (CVSS 9.8, CRITICAL)
  Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet....
  Published: Mar. 05, 2025 | Modified: Apr. 09, 2025
  Vuln Type: Injection
- CVE-2025-25362 (CVSS 9.8, CRITICAL)
  A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field....
  Published: Mar. 05, 2025 | Modified: Apr. 02, 2025
  Vuln Type: Injection
- CVE-2024-57174 (CVSS 8.1, HIGH)
  A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP ...
  Published: Mar. 05, 2025 | Modified: Mar. 06, 2025
  Vuln Type: Misconfiguration
- CVE-2025-27517 (CVSS 9.3, CRITICAL)
  Volt is an elegantly crafted functional API for Livewire. Malicious, user-crafted request payloads could potentially lead to remote code execution within Volt components. This vulnerability is fixed in 1.7.0....
  Affected Products: livewire
  Published: Mar. 05, 2025 | Modified: Mar. 05, 2025
- CVE-2024-51144 (CVSS 8.8, HIGH)
  Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', 'pvmsg.php?action=confirm_delete', and 'ajax.server.php?page=user&action=flip_follow' endpoints in Ampache <= 6.6.0....
  Published: Mar. 05, 2025 | Modified: Mar. 06, 2025
  Vuln Type: Cross-Site Request Forgery
- CVE-2025-2003 (CVSS 7.1, HIGH)
  Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission....
  Affected Products: devolutions_server
  Published: Mar. 05, 2025 | Modified: Mar. 28, 2025
  Vuln Type: Authorization
- CVE-2025-27515 (CVSS 9.8, CRITICAL)
  Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1....
  Affected Products: framework
  Published: Mar. 05, 2025 | Modified: Aug. 26, 2025
- CVE-2025-27513 (CVSS 7.5, HIGH)
  OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is received. Even if an application does not explicitly use ...
  Published: Mar. 05, 2025 | Modified: Mar. 05, 2025
  Vuln Type: Denial of Service
- CVE-2024-48246 (CVSS 5.4, MEDIUM)
  Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Name" parameter of /vehicle-management/booking.php....
  Published: Mar. 05, 2025 | Modified: May. 21, 2025
  Vuln Type: Cross-Site Scripting