Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2025-4648

    Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-4647

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. ... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-4646

    Improper Privilege Management vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-40628

    SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-40583

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could allow a privileged local attacker to... Read more

    • Published: May. 13, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-40582

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local atta... Read more

    • Published: May. 13, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2025-40581

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to... Read more

    • Published: May. 13, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-40580

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the de... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-40579

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the de... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-40578

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession. An unauthenticated remote attacker can exploit this flaw... Read more

    • Published: May. 13, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-40577

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially c... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-40576

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially c... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-40575

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially c... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 8.5

    HIGH
    CVE-2025-40574

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to interact with the back... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-40573

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-40572

    A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to access sensitive infor... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 2.2

    LOW
    CVE-2025-40571

    A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 compatible) (All versions < V4.1.0), Mendix OIDC SSO (Mendix 10.12 compatible) (All versions < V4.0.1), Mendix OIDC SSO (Mendix 9 compatible) (All versions). The Mendix OIDC SSO module gran... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-40566

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauth... Read more

    Affected Products : simatic_pcs_neo
    • Published: May. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-40556

    A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Affected devices improperly handle specific incoming BACnet MSTP message... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-40555

    A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing ... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293656 Results