Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-48477

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the funct... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-48476

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to ... Read more

    Affected Products : freescout
    • Published: May. 30, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-48491

    Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-48381

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, la... Read more

    Affected Products : computer_vision_annotation_tool
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure

  • 2.3

    LOW
    CVE-2025-48068

    Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router ... Read more

    Affected Products : next.js
    • Published: May. 30, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 2.9

    LOW
    CVE-2025-47952

    Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to ... Read more

    Affected Products : traefik
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-44906

    jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.... Read more

    Affected Products : jhead
    • Published: May. 30, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-44905

    hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.... Read more

    Affected Products : hdf5
    • Published: May. 30, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-44904

    hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.... Read more

    Affected Products : hdf5
    • Published: May. 30, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-48757

    An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual custo... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-44619

    Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.... Read more

    • Published: May. 30, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-44614

    Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.... Read more

    • Published: May. 30, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cryptography

  • 5.9

    MEDIUM
    CVE-2025-44612

    Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.... Read more

    • Published: May. 30, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2024-12224

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to a... Read more

    Affected Products : idna
    • Published: May. 30, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2020-36846

    A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.  Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a ... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-46352

    The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-41438

    The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1907

    Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5332

    A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated re... Read more

    Affected Products : online_notice_board
    • Published: May. 29, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5331

    A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploi... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 29, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291756 Results