Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-24968

    reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a ... Read more

    Affected Products : rengine
    • Published: Feb. 04, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2025-24967

    reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the... Read more

    Affected Products : rengine
    • Published: Feb. 04, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-24966

    reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in... Read more

    Affected Products : rengine
    • Published: Feb. 04, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-24964

    Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking (CSWSH) attacks. When `api` option is... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025

  • 5.9

    MEDIUM
    CVE-2025-24963

    Vitest is a testing framework powered by Vite. The `__screenshot-error` handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by `browser.api.host: true`, an attacker can send... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-0960

    AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-0630

    Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device's filesystem.... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-0509

    A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.... Read more

    • Published: Feb. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-25039

    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbit... Read more

    Affected Products : clearpass_policy_manager
    • Published: Feb. 04, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 9.5

    CRITICAL
    CVE-2025-24971

    DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an at... Read more

    Affected Products :
    • Published: Feb. 04, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-24373

    woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if t... Read more

    • Published: Feb. 04, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-0451

    Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Med... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 04, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-0445

    Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 04, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-0444

    Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 04, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-48019

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Application administrators can read arbitrary files from the server filesystem through pat... Read more

    Affected Products : doris
    • Published: Feb. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-23060

    A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Feb. 04, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cryptography

  • 6.8

    MEDIUM
    CVE-2025-23059

    A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high pr... Read more

    Affected Products : clearpass_policy_manager
    • Published: Feb. 04, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-23058

    A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administ... Read more

    Affected Products : clearpass_policy_manager
    • Published: Feb. 04, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-0364

    BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registrati... Read more

    Affected Products : bigant_server
    • Published: Feb. 04, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-45659

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the syste... Read more

    • Published: Feb. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291551 Results