Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-48949

    Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw... Read more

    Affected Products : navidrome
    • Published: May. 30, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2025-48948

    Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configur... Read more

    Affected Products : navidrome
    • Published: May. 30, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2025-48946

    liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malf... Read more

    Affected Products : liboqs
    • Published: May. 30, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-48882

    PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to X... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: XML External Entity

  • 7.1

    HIGH
    CVE-2025-2503

    An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.... Read more

    Affected Products : pc_manager
    • Published: May. 30, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-2502

    An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.... Read more

    Affected Products : pc_manager
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025

  • 8.5

    HIGH
    CVE-2025-2501

    An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.... Read more

    Affected Products : pc_manager
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-1479

    An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.... Read more

    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5359

    A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /appointment-history.php. The manipulation of the argument ID leads to sql injection. It is possible to init... Read more

    Affected Products : online_hospital_management_system
    • Published: May. 30, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-48944

    vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and... Read more

    Affected Products : vllm
    • Published: May. 30, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-48943

    vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vu... Read more

    Affected Products : vllm
    • Published: May. 30, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-48942

    vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with a invalid json_schema as a Guided Param kills the vllm server. This vulnerability is similar GHSA-... Read more

    Affected Products : vllm
    • Published: May. 30, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Denial of Service

  • 2.6

    LOW
    CVE-2025-48938

    go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Path Traversal

  • 5.7

    MEDIUM
    CVE-2025-48885

    application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user (even guests) can create these docs, even if they don't exist already. This can... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-48883

    Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. ... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5358

    A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/tod... Read more

    Affected Products : cyber_cafe_management_system
    • Published: May. 30, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5357

    A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component PWD Command Handler. The manipulation leads to buffer overflow. The attack can be launched... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 30, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2025-5054

    Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crash... Read more

    Affected Products : ubuntu_linux apport
    • Published: May. 30, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-48887

    vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0... Read more

    Affected Products : vllm
    • Published: May. 30, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Denial of Service

  • 7.4

    HIGH
    CVE-2023-26226

    A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682... Read more

    Affected Products : yandex_browser
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291867 Results