Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-5131

    A vulnerability was found in Tmall Demo up to 20250505. It has been declared as critical. This vulnerability affects the function uploadCategoryImage of the file tmall/admin/uploadCategoryImage. The manipulation of the argument File leads to unrestricted ... Read more

    Affected Products : tmall_demo
    • Published: May. 24, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-5130

    A vulnerability was found in Tmall Demo up to 20250505. It has been classified as critical. This affects the function uploadProductImage of the file tmall/admin/uploadProductImage. The manipulation of the argument File leads to unrestricted upload. It is ... Read more

    Affected Products : tmall_demo
    • Published: May. 24, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-5129

    A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is requ... Read more

    Affected Products : atrust
    • Published: May. 24, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-5128

    A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql i... Read more

    Affected Products : real_estate_management_system
    • Published: May. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-5127

    A vulnerability, which was classified as problematic, has been found in FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. The manipulation of the argument cmd leads to cross site scripting. The attack may be initiat... Read more

    Affected Products : flir_ax8_firmware flir_ax8
    • Published: May. 24, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-5126

    A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. The manipulation of the argument year/month/day/hour/minute leads... Read more

    Affected Products : flir_ax8_firmware flir_ax8
    • Published: May. 24, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 9.2

    CRITICAL
    CVE-2025-5124

    A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of defa... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 4.7

    MEDIUM
    CVE-2025-4223

    The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output es... Read more

    Affected Products : pagelayer
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5058

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticate... Read more

    • Published: May. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-4603

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauth... Read more

    • Published: May. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-4602

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible for unauthenticated attackers to read the contents of ar... Read more

    • Published: May. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-4336

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated... Read more

    • Published: May. 24, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2025-5055

    The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. Thi... Read more

    Affected Products : smart_forms
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.9

    LOW
    CVE-2025-48756

    In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 2.9

    LOW
    CVE-2025-48755

    In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type).... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 2.9

    LOW
    CVE-2025-48754

    In the memory_pages crate 0.1.0 for Rust, division by zero can occur.... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Denial of Service

  • 2.9

    LOW
    CVE-2025-48753

    In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock.... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Race Condition

  • 2.9

    LOW
    CVE-2025-48752

    In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked.... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Race Condition

  • 2.9

    LOW
    CVE-2025-48751

    The process_lock crate 0.1.0 for Rust allows data races in unlock.... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Race Condition

  • 6.1

    MEDIUM
    CVE-2025-3869

    The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats/stats.php page. This makes it possible for unauthenticated attackers... Read more

    Affected Products :
    • Published: May. 24, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291867 Results