Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2025-1204

    The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-1068

    There is an untrusted search path vulnerability in Esri ArcGIS AllSource 1.2 and 1.3 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a ... Read more

    Affected Products : arcgis_pro arcgis_allsource
    • Published: Feb. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-1067

    There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specif... Read more

    Affected Products : arcgis_pro arcgis_allsource
    • Published: Feb. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-26601

    A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes tr... Read more

    • Published: Feb. 25, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-26600

    A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.... Read more

    • Published: Feb. 25, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-26599

    An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window t... Read more

    • Published: Feb. 25, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-26598

    An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return th... Read more

    • Published: Feb. 25, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-26597

    A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups,... Read more

    • Published: Feb. 25, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-26596

    A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.... Read more

    • Published: Feb. 25, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-26595

    A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy... Read more

    • Published: Feb. 25, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-26594

    A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.... Read more

    • Published: Feb. 25, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-23024

    GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php... Read more

    Affected Products : glpi
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-21627

    GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an un... Read more

    Affected Products : glpi
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-21626

    GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workaround... Read more

    Affected Products : glpi
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2024-11955

    A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be la... Read more

    Affected Products : glpi
    • Published: Feb. 25, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-27000

    Missing Authorization vulnerability in George Pattichis Simple Photo Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Photo Feed: from n/a through 1.4.0.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-26995

    Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21.... Read more

    Affected Products : market_exporter
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-26993

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim allows Reflected XSS. This issue affects Atarim: from n/a through 4.1.0.... Read more

    Affected Products : atarim
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-26991

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS. This issue affects WPPizza: from n/a through 3.19.4.... Read more

    Affected Products : wppizza
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-26987

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Reflected XSS. This issue affects Frontend Admin by DynamiApps: from n/a through 3.25.17.... Read more

    Affected Products : frontend_admin
    • Published: Feb. 25, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291625 Results