Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-48482

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill() method, which processes fields such as channel and channel_id. However, the f... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-48481

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash, can exploit this vulnerability to self-activate their account, despite it being blocked or del... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 7.0

    HIGH
    CVE-2025-48480

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERM_EDIT_USERS can create a user, specifying the path to the user's avatar ../.htaccess dur... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-48479

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not correctly validate user input, enabling the deletion of any directory, given sufficient access rights. This issue has ... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Path Traversal

  • 7.0

    HIGH
    CVE-2025-48478

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which ... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-48477

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the funct... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-48476

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to ... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-48491

    Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-48381

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, la... Read more

    Affected Products : computer_vision_annotation_tool
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure

  • 2.3

    LOW
    CVE-2025-48068

    Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router ... Read more

    Affected Products : next.js
    • Published: May. 30, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 2.9

    LOW
    CVE-2025-47952

    Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to ... Read more

    Affected Products : traefik
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-44906

    jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.... Read more

    Affected Products : jhead
    • Published: May. 30, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-44905

    hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.... Read more

    Affected Products : hdf5
    • Published: May. 30, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-44904

    hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.... Read more

    Affected Products : hdf5
    • Published: May. 30, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-48757

    An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual custo... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-44619

    Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.... Read more

    • Published: May. 30, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-44614

    Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.... Read more

    • Published: May. 30, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cryptography

  • 5.9

    MEDIUM
    CVE-2025-44612

    Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.... Read more

    • Published: May. 30, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2024-12224

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to a... Read more

    Affected Products : idna
    • Published: May. 30, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2020-36846

    A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.  Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a ... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291741 Results