Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.9

    LOW
    CVE-2025-47952

    Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to ... Read more

    Affected Products : traefik
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-44906

    jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.... Read more

    Affected Products : jhead
    • Published: May. 30, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-44905

    hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.... Read more

    Affected Products : hdf5
    • Published: May. 30, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-44904

    hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.... Read more

    Affected Products : hdf5
    • Published: May. 30, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-48757

    An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual custo... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-44619

    Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.... Read more

    • Published: May. 30, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-44614

    Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.... Read more

    • Published: May. 30, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cryptography

  • 5.9

    MEDIUM
    CVE-2025-44612

    Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.... Read more

    • Published: May. 30, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2024-12224

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to a... Read more

    Affected Products : idna
    • Published: May. 30, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2020-36846

    A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.  Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a ... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-46352

    The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-41438

    The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1907

    Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5332

    A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated re... Read more

    Affected Products : online_notice_board
    • Published: May. 29, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5331

    A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploi... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: May. 29, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5330

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The ex... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 29, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-5307

    Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected installations of Sante DICOM Viewer Pro.... Read more

    Affected Products : dicom_viewer_pro
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-31264

    An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.... Read more

    Affected Products : macos
    • Published: May. 29, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-31263

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.... Read more

    Affected Products : macos
    • Published: May. 29, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-31261

    A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: May. 29, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization
Showing 20 of 292730 Results