Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-21404

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025

  • 8.8

    HIGH
    CVE-2025-21342

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025

  • 8.8

    HIGH
    CVE-2025-21283

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025

  • 8.8

    HIGH
    CVE-2025-21279

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025

  • 4.4

    MEDIUM
    CVE-2025-21267

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025

  • 5.3

    MEDIUM
    CVE-2025-21253

    Microsoft Edge for IOS and Android Spoofing Vulnerability... Read more

    Affected Products : edge edge_chromium edge_ios
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-21177

    Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : dynamics_365_sales
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.1

    LOW
    CVE-2025-1083

    A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted do... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025

  • 5.1

    MEDIUM
    CVE-2025-1082

    A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads t... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2024-57609

    An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via the redirect_path parameter of the login redirection function.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-57392

    Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Mar. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-56889

    Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.... Read more

    Affected Products : complaint_management_system
    • Published: Feb. 06, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-55241

    An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025

  • 8.1

    HIGH
    CVE-2024-54909

    A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2024-53586

    An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2024-48589

    Cross Site Scripting vulnerability in Gilnei Moraes phpABook v.0.9 allows a remote attacker to execute arbitrary code via the rol parameter in index.php... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-25883

    The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 10, 2025

  • 6.3

    MEDIUM
    CVE-2020-36085

    Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply For This Job Form.... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-23094

    The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated attacker to conduct a command injection attack due to in... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Injection

  • 3.1

    LOW
    CVE-2025-1081

    A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack nee... Read more

    Affected Products :
    • Published: Feb. 06, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Authentication
Showing 20 of 291531 Results