Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-33136

    IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.... Read more

    Affected Products : linux_kernel aspera_faspex
    • Published: May. 22, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization

  • 9.5

    CRITICAL
    CVE-2024-48853

    An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025

  • 7.5

    HIGH
    CVE-2024-48850

    Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-5081

    A vulnerability classified as critical was found in Campcodes Cybercafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to sql injection. ... Read more

    Affected Products : cybercafe_management_system
    • Published: May. 22, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2025-4366

    A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache pois... Read more

    Affected Products : pingora
    • Published: May. 22, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-45468

    Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-2506

    When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated table... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-23183

    CWE-601: URL Redirection to Untrusted Site ('Open Redirect')... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-23182

    CWE-203: Observable Discrepancy... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    HIGH
    CVE-2025-5080

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function webExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possibl... Read more

    Affected Products : fh451_firmware fh451
    • Published: May. 22, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5079

    A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injection. The attack ma... Read more

    Affected Products : online_shopping_portal
    • Published: May. 22, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2025-5024

    A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also re... Read more

    • Published: May. 22, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-45471

    Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-32915

    Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data.... Read more

    Affected Products : linux_kernel solaris checkmk checkmk
    • Published: May. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-32815

    An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.... Read more

    Affected Products : netmri
    • Published: May. 22, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-32814

    An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.... Read more

    Affected Products : netmri
    • Published: May. 22, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-32813

    An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.... Read more

    Affected Products : netmri
    • Published: May. 22, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-0993

    An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.... Read more

    Affected Products : gitlab
    • Published: May. 22, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-0679

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.... Read more

    Affected Products : gitlab
    • Published: May. 22, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Information Disclosure

  • 4.6

    MEDIUM
    CVE-2025-0605

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.... Read more

    Affected Products : gitlab
    • Published: May. 22, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Authentication
Showing 20 of 293437 Results