Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    CVSS31
    CVE-2025-35995

    When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note:... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 8.7

    CVSS31
    CVE-2025-31644

    When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 3.5

    CVSS31
    CVE-2023-7303

    A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The manipulation leads to cross site scripting. ... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.8

    CVSS31
    CVE-2025-4043

    An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 7.8

    CVSS31
    CVE-2025-3925

    BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.2

    CVSS31
    CVE-2025-31177

    gnuplot is affected by a heap buffer overflow at function utf8_copy_one.... Read more

    Affected Products : gnuplot
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-45514

    Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.1

    CVSS31
    CVE-2025-45388

    Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-3476

    Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-3272

    Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager.  The vulnerability could allow authenticated users to change their password without providing their old password. This issue affects Operations Bridge Manager: 24.2, 24.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-30147

    Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.1

    CVSS31
    CVE-2025-29746

    Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 8.1

    CVSS31
    CVE-2025-26169

    IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration fil... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 8.1

    CVSS31
    CVE-2025-26168

    IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configurati... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.8

    CVSS31
    CVE-2025-47423

    Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 4.5

    CVSS31
    CVE-2025-47203

    dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.... Read more

    Affected Products : dropbear_ssh
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-46828

    WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint `/html/socio/sistema/get_socios.php`, specifically in the query parameter. This issue ... Read more

    Affected Products : wegia
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 3.1

    CVSS31
    CVE-2025-46824

    The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit e... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 7.1

    CVSS31
    CVE-2025-32821

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.... Read more

    Affected Products : sma100_firmware
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 8.3

    CVSS31
    CVE-2025-32820

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.... Read more

    Affected Products : sma100_firmware
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
Showing 20 of 462 Results
© cvefeed.io
Latest DB Update: May. 09, 2025 13:46