Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-5165

    A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSu... Read more

    Affected Products : assimp
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-5164

    A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated ... Read more

    Affected Products : perfreeblog
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Cryptography

  • 6.9

    MEDIUM
    CVE-2025-5163

    A vulnerability, which was classified as problematic, was found in yangshare 技术杨工 warehouseManager 仓库管理系统 1.0. This affects an unknown part. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit ha... Read more

    Affected Products : warehouse_management_system
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5162

    A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this issue is some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument logGeneralFile/logGen... Read more

    Affected Products : seccenter_smp-1114p02
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-5161

    A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this vulnerability is the function operationDailyOut of the file /safeEvent/download. The manipulation of the argument filename leads to path tra... Read more

    Affected Products : seccenter_smp-1114p02
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-5160

    A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is poss... Read more

    Affected Products : seccenter_smp-1114p02
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-5159

    A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been rated as problematic. This issue affects the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack m... Read more

    Affected Products : seccenter_smp-1114p02
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-2146

    Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Sat... Read more

    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-5158

    A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been declared as problematic. This vulnerability affects the function downloadSoftware of the file /cfgFile/downloadSoftware. The manipulation of the argument filename leads to... Read more

    Affected Products : seccenter_smp-1114p02
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-5157

    A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is po... Read more

    Affected Products : seccenter_smp-1114p02
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-5156

    A vulnerability was found in H3C GR-5400AX up to 100R008 and classified as critical. Affected by this issue is the function EditWlanMacList of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack ma... Read more

    Affected Products : gr-5400ax_firmware gr-5400ax
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5155

    A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql injection. The atta... Read more

    Affected Products : foxcms foxcms
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 4.6

    MEDIUM
    CVE-2025-5154

    A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext s... Read more

    Affected Products : phonepe
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-5153

    A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. ... Read more

    Affected Products : cms_made_simple
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5152

    A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the file /activity/newActivityedit.php?DontCheckLogin=1&id=null&ret=mod1. The manipulation of the argument gblOrgID leads to sql inj... Read more

    Affected Products : chanjet_cms
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-5151

    A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument code leads to code in... Read more

    Affected Products : introspect
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5150

    A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled mod... Read more

    Affected Products : docarray
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-5149

    A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid lead... Read more

    Affected Products : wcms
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-5148

    A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. ... Read more

    Affected Products :
    • Published: May. 25, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-5147

    A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The manipulation of the argument url leads to command injection.... Read more

    Affected Products :
    • Published: May. 25, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection
Showing 20 of 291878 Results