Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    CVSS31
    CVE-2025-3171

    A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injection. The attack... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 7.3

    CVSS31
    CVE-2025-3170

    A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. The manipulation of the argument block_id/unblock_id leads to sql injection. It is possi... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 0.0

    NONE
    CVE-2025-31483

    Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/* route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 5.3

    CVSS31
    CVE-2025-31127

    Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encrypti... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 5.3

    CVSS31
    CVE-2025-31126

    Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 5.0

    CVSS31
    CVE-2025-3169

    A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. T... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 7.3

    CVSS31
    CVE-2025-3168

    A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php. The manipulation of the argument editid leads to sql i... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 6.5

    CVSS31
    CVE-2025-3167

    A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to deni... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 5.3

    CVSS31
    CVE-2025-3166

    A vulnerability classified as critical was found in code-projects Product Management System 1.0. This vulnerability affects the function search_item of the component Search Product Menu. The manipulation of the argument target leads to stack-based buffer ... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 3.3

    CVSS31
    CVE-2025-32054

    In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 0.0

    NONE
    CVE-2025-31115

    XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 5.3

    CVSS31
    CVE-2023-47639

    API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 5.3

    CVSS31
    CVE-2025-3165

    A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. An attack has to ... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 4.7

    CVSS31
    CVE-2025-3164

    A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Han... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 5.3

    CVSS31
    CVE-2025-3163

    A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the ... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 8.8

    CVSS31
    CVE-2025-29987

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to ... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 9.0

    CVSS31
    CVE-2025-22457

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 0.0

    NONE
    CVE-2024-4877

    OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges... Read more

    Affected Products : sinema_remote_connect
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 5.3

    CVSS31
    CVE-2025-3162

    A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deseriali... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025

  • 8.8

    CVSS31
    CVE-2025-3161

    A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may b... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 03, 2025
Showing 20 of 288 Results
© cvefeed.io
Latest DB Update: Apr. 04, 2025 4:14