Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-4781

    A vulnerability classified as critical has been found in PHPGurukul Park Ticketing Management System 2.0. Affected is an unknown function of the file /forgot-password.php. The manipulation of the argument email/contactno leads to sql injection. It is poss... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-4478

    A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and i... Read more

    • Published: May. 16, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Denial of Service

  • 10.0

    CRITICAL
    CVE-2025-47916

    Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method ... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication

  • 2.6

    LOW
    CVE-2025-47794

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system m... Read more

    Affected Products : notes
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-47793

    Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior... Read more

    Affected Products : nextcloud_server group_folders notes
    • Published: May. 16, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-47792

    Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be e... Read more

    Affected Products : desktop notes
    • Published: May. 16, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-47791

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 28.0.13, 29.0.10, and 30.0.3 and Nextcloud Enterprise Server prior to 28.0.13, 29.0.10, and 30.0.3, a currently unused endpoint to verify a share recipient was not prote... Read more

    Affected Products : notes
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-4780

    A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. ... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4778

    A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /normal-search.php. The manipulation of the argument searchdata leads to sql injection. The... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-4600

    A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue ... Read more

    Affected Products : application_load_balancer
    • Published: May. 16, 2025
    • Modified: Sep. 08, 2025

  • 7.3

    HIGH
    CVE-2025-4211

    Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulner... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-47790

    Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bu... Read more

    Affected Products : notes
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-32962

    Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 ... Read more

    Affected Products : flask-appbuilder flask-appbuilder
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-4777

    A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been classified as critical. This affects an unknown part of the file /view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is po... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4773

    A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/level.php. The manipulation of the argument level leads to sql injection. The attack... Read more

    Affected Products : online_course_registration
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-40907

    FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via craft... Read more

    Affected Products : fcgi
    • Published: May. 16, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-40629

    PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically, the application is vulnerable to requests that access sens... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-37890

    In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux... Read more

    Affected Products : linux_kernel
    • Published: May. 16, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2025-2306

    An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the docume... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-2305

    A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293618 Results