Latest CVE Feed
- CVE-2025-0792 (9.8 CRITICAL)
  A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Affected is an unknown function of the file /sdTodoDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. T...
  - Affected Products: cdg
  - Published: Jan. 29, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Injection
- CVE-2025-0791 (9.8 CRITICAL)
  A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be initiated rem...
  - Affected Products: cdg
  - Published: Jan. 29, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Injection
- CVE-2025-0790 (6.1 MEDIUM)
  A vulnerability classified as problematic was found in ESAFENET CDG V5. This vulnerability affects unknown code of the file /doneDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be initiated remotely. The ...
  - Affected Products: cdg
  - Published: Jan. 29, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2023-35017 (5.9 MEDIUM)
  IBM Security Verify Governance 10.0.2 Identity Manager can transmit user credentials in clear text that could be obtained by an attacker using man in the middle techniques.
  - Affected Products: security_verify_governance
  - Published: Jan. 29, 2025
  - Modified: Mar. 04, 2025
  - Vuln Type: Cryptography
- CVE-2025-0789 (8.8 HIGH)
  A vulnerability classified as critical has been found in ESAFENET CDG V5. This affects an unknown part of the file /doneDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to initiate the attack remotely. The exploit...
  - Affected Products: cdg
  - Published: Jan. 28, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Injection
- CVE-2025-0788 (8.8 HIGH)
  A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /content_top.jsp. The manipulation of the argument id leads to sql injection. The attack may be launched remotely...
  - Affected Products: cdg
  - Published: Jan. 28, 2025
  - Modified: May. 16, 2025
  - Vuln Type: Injection
- CVE-2024-57519 (7.5 HIGH)
  An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file.
  - Affected Products: open5gs
  - Published: Jan. 28, 2025
  - Modified: Apr. 30, 2025
  - Vuln Type: Denial of Service
- CVE-2024-56529 (7.1 HIGH)
  Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is ...
  - Affected Products: mailcow\
  - Published: Jan. 28, 2025
  - Modified: Mar. 14, 2025
  - Vuln Type: Authentication
- CVE-2024-48310 (7.5 HIGH)
  AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the source code. Attackers may use these keys to access the backend API or other sensitive information.
  - Affected Products:
  - Published: Jan. 28, 2025
  - Modified: Mar. 25, 2025
  - Vuln Type: Misconfiguration
- CVE-2025-22917 (5.4 MEDIUM)
  A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php.
  - Affected Products:
  - Published: Jan. 28, 2025
  - Modified: Jan. 29, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-0787 (5.4 MEDIUM)
  A vulnerability was found in ESAFENET CDG V5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /appDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack ca...
  - Affected Products: cdg
  - Published: Jan. 28, 2025
  - Modified: May. 16, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-0786 (8.8 HIGH)
  A vulnerability was found in ESAFENET CDG V5. It has been classified as critical. Affected is an unknown function of the file /appDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The...
  - Affected Products: cdg
  - Published: Jan. 28, 2025
  - Modified: May. 16, 2025
  - Vuln Type: Injection
- CVE-2025-0785 (6.1 MEDIUM)
  A vulnerability was found in ESAFENET CDG V5 and classified as problematic. This issue affects some unknown processing of the file /SysConfig.jsp. The manipulation of the argument help leads to cross site scripting. The attack may be initiated remotely. T...
  - Affected Products: cdg
  - Published: Jan. 28, 2025
  - Modified: May. 16, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2024-57514 (4.8 MEDIUM)
  The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and execute...
  - Affected Products:
  - Published: Jan. 28, 2025
  - Modified: Jan. 29, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2024-57376 (8.8 HIGH)
  Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.
  - Affected Products: dsr-150_firmware dsr-150n_firmware dsr-250_firmware dsr-250n_firmware dsr-500_firmware dsr-1000n_firmware dsr-500 dsr-150n dsr-150 dsr-250 +2 more products
  - Published: Jan. 28, 2025
  - Modified: Jul. 01, 2025
  - Vuln Type: Memory Corruption
- CVE-2024-55968 (8.8 HIGH)
  An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interpro...
  - Affected Products:
  - Published: Jan. 28, 2025
  - Modified: Mar. 24, 2025
  - Vuln Type: Authorization
- CVE-2024-29869 (5.5 MEDIUM)
  Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written i...
  - Affected Products: hive
  - Published: Jan. 28, 2025
  - Modified: Jul. 15, 2025
  - Vuln Type: Misconfiguration
- CVE-2025-24826 (6.7 MEDIUM)
  Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625.
  - Affected Products: snap_deploy
  - Published: Jan. 28, 2025
  - Modified: Jan. 28, 2025
  - Vuln Type: Authorization
- CVE-2025-24482 (7.0 HIGH)
  A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.
  - Affected Products: factorytalk_view
  - Published: Jan. 28, 2025
  - Modified: Jan. 28, 2025
  - Vuln Type: Injection
- CVE-2025-24481 (7.0 HIGH)
  An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configurat...
  - Affected Products: factorytalk_view
  - Published: Jan. 28, 2025
  - Modified: Jan. 28, 2025
  - Vuln Type: Misconfiguration