Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-6509

    A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. T... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2025-4563

    A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim status... Read more

    Affected Products : kubernetes
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2023-50450

    An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges.... Read more

    • Published: Jun. 23, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2023-47295

    A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2023-47294

    An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2023-47032

    Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-52968

    xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-lin... Read more

    Affected Products : xdg-utils
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.8

    MEDIUM
    CVE-2025-52967

    gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.... Read more

    Affected Products : mlflow
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-52879

    In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible... Read more

    Affected Products : teamcity
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-52878

    In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions... Read more

    Affected Products : teamcity
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-52877

    In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible... Read more

    Affected Products : teamcity
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-52876

    In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible... Read more

    Affected Products : teamcity
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-52875

    In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible... Read more

    Affected Products : teamcity
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-48700

    An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to ... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Jun. 23, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-46101

    SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-48978

    An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.... Read more

    Affected Products : itm_web_terminal
    • Published: Jun. 23, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2023-47298

    An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account status... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2023-47297

    A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 6.6

    MEDIUM
    CVE-2025-2172

    Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames... Read more

    Affected Products : controller
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-2171

    Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN... Read more

    Affected Products : controller
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
Showing 20 of 292321 Results