Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-3937

    Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.... Read more

    • Published: May. 22, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-3936

    Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara... Read more

    • Published: May. 22, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-2272

    Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process.This issue affects FIE Endpoint: before 25.05.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-5074

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component PROMPT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The... Read more

    • Published: May. 22, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5073

    A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component MKDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remote... Read more

    • Published: May. 22, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-41403

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 22, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-3836

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 22, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-3444

    Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.... Read more

    • Published: May. 22, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-25010

    Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution.... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-4419

    The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrar... Read more

    Affected Products : hot_random_image hot_random_image
    • Published: May. 22, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-4405

    The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... Read more

    Affected Products : hot_random_image hot_random_image
    • Published: May. 22, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-4280

    MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary c... Read more

    Affected Products :
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-9544

    The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w... Read more

    Affected Products : mapsvg
    • Published: May. 22, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-4123

    A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vuln... Read more

    Affected Products : grafana
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-4133

    The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks.... Read more

    Affected Products : blog2social
    • Published: May. 22, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-5062

    The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. This ma... Read more

    Affected Products : woocommerce
    • Published: May. 22, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-3887

    GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit... Read more

    Affected Products : debian_linux gstreamer
    • Published: May. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-3885

    Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication ... Read more

    Affected Products : harman_mgu21_firmware harman_mgu21
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-3884

    Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulner... Read more

    Affected Products : hue
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-3883

    eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authenticatio... Read more

    Affected Products : cph2_echarge_firmware cph2_echarge
    • Published: May. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Injection
Showing 20 of 293435 Results