Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-25288

    @octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package `@octokit/plugin-paginate-rest`, when calling `octokit.paginate.iterator()`, a specially cra... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-25285

    @octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific `options` parameters, the `endpoint.parse(options)` call can be triggered, leading to a regular expression... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Denial of Service

  • 3.1

    LOW
    CVE-2025-0503

    Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Information Disclosure

  • 8.3

    HIGH
    CVE-2025-26508

    Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-26507

    Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.2

    CRITICAL
    CVE-2025-26506

    Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Misconfiguration

  • 5.6

    MEDIUM
    CVE-2025-26158

    A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.... Read more

    • Published: Feb. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-26157

    A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST request parameter.... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Feb. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-26156

    A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter.... Read more

    • Published: Feb. 14, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-25997

    Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.... Read more

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-25994

    SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.... Read more

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-25993

    SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid."... Read more

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-25992

    SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.... Read more

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-25991

    SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.... Read more

    Affected Products : hoosk
    • Published: Feb. 14, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-25990

    Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.... Read more

    Affected Products : hoosk
    • Published: Feb. 14, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-25988

    Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.... Read more

    Affected Products : hoosk
    • Published: Feb. 14, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-25295

    Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export funct... Read more

    Affected Products : label_studio
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-25206

    eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. Thi... Read more

    Affected Products : elabftw
    • Published: Feb. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-25204

    `gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestati... Read more

    Affected Products : cli
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2024-8893

    Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1.... Read more

    Affected Products :
    • Published: Feb. 14, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Authentication
Showing 20 of 291750 Results