Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-44083

    An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: May. 21, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 7.0

    HIGH
    CVE-2025-3751

    The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-2261

    Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-27558

    IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames tow... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2024-57529

    Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.... Read more

    Affected Products : jetplanner
    • Published: May. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-5033

    A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-s... Read more

    Affected Products : teacms
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-5020

    Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS <... Read more

    Affected Products : firefox
    • Published: May. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.6

    MEDIUM
    CVE-2025-48069

    ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statemen... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 3.3

    LOW
    CVE-2025-48064

    GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-48063

    XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as ... Read more

    Affected Products : xwiki
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-48060

    jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As... Read more

    Affected Products : jq
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-47291

    containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, th... Read more

    Affected Products : containerd
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-46822

    OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. ... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Path Traversal

  • 5.7

    MEDIUM
    CVE-2025-2102

    Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5032

    A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch... Read more

    Affected Products : online_shopping_portal
    • Published: May. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 3.1

    LOW
    CVE-2025-5031

    A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-5030

    A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os comm... Read more

    Affected Products : killwxapkg
    • Published: May. 21, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-4416

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2.... Read more

    Affected Products : events_log_track
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-4415

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2.... Read more

    Affected Products : piwik_pro
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-48012

    Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.... Read more

    Affected Products : one_time_password
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication
Showing 20 of 293425 Results