Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-22248

    The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itsel... Read more

    Affected Products : bitnami bitnami_popool bitnami\/pgpool
    • Published: May. 13, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2024-51447

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This c... Read more

    Affected Products : polarion_alm
    • Published: May. 13, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-51446

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-51445

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authentica... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: XML External Entity

  • 7.1

    HIGH
    CVE-2024-51444

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an S... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2024-23815

    A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server ... Read more

    Affected Products : desigo_cc
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-41645

    An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 4.6

    MEDIUM
    CVE-2025-3916

    CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file (SSD file) provided by the attacker.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-27696

    Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to ver... Read more

    Affected Products : superset
    • Published: May. 13, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-4474

    The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscr... Read more

    Affected Products : frontend_dashboard
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-4473

    The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access a... Read more

    Affected Products : frontend_dashboard
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-4339

    The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber... Read more

    Affected Products : thegem
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-4317

    The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscri... Read more

    Affected Products : thegem
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-3107

    The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby' parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ... Read more

    Affected Products : newsletters
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4632

    Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.... Read more

    Affected Products : magicinfo_9_server
    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-22249

    VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-22246

    Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.... Read more

    Affected Products : uaa_release cf-deployment
    • Published: May. 13, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-4396

    The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.4 (Premium) due to insufficient escaping on the user sup... Read more

    Affected Products : relevanssi
    • Published: May. 13, 2025
    • Modified: May. 13, 2025

  • 7.3

    HIGH
    CVE-2025-35471

    conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-pr... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2025-43011

    Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality wit... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization
Showing 20 of 293641 Results