Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2025-25430

    Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page.

    Affected Products : tew-929dru_firmware tew-929dru
    • Published: Feb. 28, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-24849

    Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure.

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cryptography
  • 5.1

    MEDIUM
    CVE-2025-24843

    Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data.

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Path Traversal
  • 6.8

    MEDIUM
    CVE-2025-24318

    Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.9

    MEDIUM
    CVE-2025-24316

    The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality.

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Information Disclosure
  • 6.9

    MEDIUM
    CVE-2025-23405

    Unauthenticated log affects metrics gathering incident response efforts and potentially exposes risk of injection attacks (e.g., log injection).

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Information Disclosure
  • 8.7

    HIGH
    CVE-2025-20060

    An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Information Disclosure
  • 7.1

    HIGH
    CVE-2025-20049

    The Dario Health portal service application is vulnerable to XSS, which could allow an attacker to obtain sensitive information.

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-0985

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user.

    Affected Products : mq
    • Published: Feb. 28, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2024-54175

    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions.

    Affected Products : mq
    • Published: Feb. 28, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Denial of Service
  • 2.9

    LOW
    CVE-2025-27400

    Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerabil...

    Affected Products : magento
    • Published: Feb. 28, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.1

    MEDIUM
    CVE-2025-26263

    GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process.

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Information Disclosure
  • 5.1

    MEDIUM
    CVE-2025-26047

    Loggrove v1.0 is vulnerable to SQL Injection in the read.py file.

    Affected Products : loggrove
    • Published: Feb. 28, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-25461

    A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. When a document is subsequently associated with this cate...

    Affected Products : seeddms
    • Published: Feb. 28, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.8

    MEDIUM
    CVE-2024-44754

    Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB.

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Supply Chain
  • 8.8

    HIGH
    CVE-2025-26326

    A vulnerability was identified in the NVDA Remote (version 2.6.4) and Tele NVDA Remote (version 2025.3.3) remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs beca...

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-25916

    wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.

    Affected Products : wuzhicms
    • Published: Feb. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-1776

    Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior to 8.3.4, which could allow remote attackers to execute arbitrary code via the ‘query’ parameter in /app-google-custom-search/searchResults. This vulnerability can be exploited to steal ...

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.7

    MEDIUM
    CVE-2025-1749

    HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/voucher.

    Affected Products : opencart
    • Published: Feb. 28, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.7

    MEDIUM
    CVE-2025-1748

    HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/register.

    Affected Products : opencart
    • Published: Feb. 28, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293259 Results