Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-3881

    eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authe... Read more

    Affected Products : cph2_echarge_firmware cph2_echarge
    • Published: May. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-3486

    Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The spe... Read more

    Affected Products : allegra
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-3484

    MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required... Read more

    Affected Products : pacs_server
    • Published: May. 22, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3483

    MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required... Read more

    Affected Products : pacs_server
    • Published: May. 22, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3482

    MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required... Read more

    Affected Products : pacs_server
    • Published: May. 22, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3481

    MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required... Read more

    Affected Products : pacs_server
    • Published: May. 22, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-3480

    MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentica... Read more

    Affected Products : pacs_server
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-2759

    GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privilege... Read more

    Affected Products : gstreamer
    • Published: May. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-5059

    A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrest... Read more

    Affected Products : online_shopping_portal
    • Published: May. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-34025

    The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to t... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5057

    A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/insert-product.php. The manipulation of the argument Category leads to sql injection.... Read more

    Affected Products : online_shopping_portal
    • Published: May. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5056

    A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-products.php. The manipulation of the argument Category leads to sql in... Read more

    Affected Products : online_shopping_portal
    • Published: May. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-48070

    Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with anot... Read more

    Affected Products : plane
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-47947

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's con... Read more

    Affected Products : modsecurity modsecurity
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-47942

    The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains cust... Read more

    Affected Products : edx-platform
    • Published: May. 21, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-34027

    The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check ... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 9.2

    CRITICAL
    CVE-2025-34026

    The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to h... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5053

    A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack may be launche... Read more

    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5052

    A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. T... Read more

    • Published: May. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-45753

    A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.... Read more

    Affected Products : vtiger_crm
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293414 Results