Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-1387

    Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user.... Read more

    Affected Products : orca_hcm
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-1374

    A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argument StateName/CityName/AreaName/CatId leads to sql inject... Read more

    • Published: Feb. 17, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-1373

    A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local acce... Read more

    Affected Products : ffmpeg
    • Published: Feb. 17, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.2

    MEDIUM
    CVE-2025-26700

    Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where the application is installed to bypass the lock screen ... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-1372

    A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-1371

    A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-1370

    A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Affected by this issue is the function sprintf of the file epsdaemon of the component Autoscan USB. The manipulation leads to os command injec... Read more

    Affected Products : escan_anti-virus
    • Published: Feb. 17, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 4.5

    MEDIUM
    CVE-2025-1369

    A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to os command injection. The attack nee... Read more

    Affected Products : escan_anti-virus
    • Published: Feb. 17, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 4.6

    MEDIUM
    CVE-2025-1368

    A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects the function ReadConfiguration of the file /opt/MicroWorld/etc/mwav.conf. The manipulation of the argument BasePath lea... Read more

    Affected Products : escan_anti-virus
    • Published: Feb. 17, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-1367

    A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been classified as critical. This affects the function sprintf of the component USB Password Handler. The manipulation leads to buffer overflow. An attack has to be approached ... Read more

    Affected Products : escan_anti-virus
    • Published: Feb. 17, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-1366

    A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this issue is the function strcpy of the component VirusPopUp. The manipulation leads to stack-based buffer overflow. The attack needs to be app... Read more

    Affected Products : escan_anti-virus
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-1365

    A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is ... Read more

    Affected Products :
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-0591

    Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability.... Read more

    Affected Products : cx-one
    • Published: Feb. 17, 2025
    • Modified: Feb. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-26779

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fahad Mahmood Keep Backup Daily allows Path Traversal. This issue affects Keep Backup Daily: from n/a through 2.1.0.... Read more

    Affected Products : keep_backup_daily
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-26768

    Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows Stored XSS. This issue affects what3words Address Field: from n/a through 4.0.15.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-26767

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg Blocks: from n/a through 1.8.12.... Read more

    Affected Products : qubely
    • Published: Feb. 16, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-26766

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows Stored XSS. This issue affects Leyka: from n/a through 3.31.8.... Read more

    Affected Products : leyka
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-26765

    Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-26761

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.1.5.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-26759

    Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager allows Stored XSS. This issue affects Content Snippet Manager: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291739 Results