Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2024-9639

    Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-52874

    In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.... Read more

    Affected Products : netmri
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-13931

    Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2024-13930

    An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MA... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-13929

    Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-13928

    SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2025-48061

    wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again afte... Read more

    Affected Products : wire-webapp
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-47780

    Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk comman... Read more

    Affected Products : asterisk
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2025-47779

    Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not g... Read more

    Affected Products : asterisk
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-46716

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointe... Read more

    Affected Products : sandboxie sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-46715

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointe... Read more

    Affected Products : sandboxie sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-45472

    Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-43596

    An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 (re... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-33138

    IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more

    Affected Products : linux_kernel aspera_faspex
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-33137

    IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.... Read more

    Affected Products : linux_kernel aspera_faspex
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-33136

    IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.... Read more

    Affected Products : linux_kernel aspera_faspex
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization

  • 9.5

    CRITICAL
    CVE-2024-48853

    An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025

  • 7.5

    HIGH
    CVE-2024-48850

    Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-5081

    A vulnerability classified as critical was found in Campcodes Cybercafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to sql injection. ... Read more

    Affected Products : cybercafe_management_system
    • Published: May. 22, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2025-4366

    A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache pois... Read more

    Affected Products : pingora
    • Published: May. 22, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291793 Results