Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-3659

    Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: * Digi PortServer TS - prior to and including 82000747_AA, build date 06/17/2022 * Digi One SP/Digi One SP IA/Digi One IA - ... Read more

    Affected Products : portserver_ts_firmware
    • Published: May. 12, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-1079

    Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature... Read more

    Affected Products : linux_kernel macos web_designer
    • Published: May. 12, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-47682

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications – WooCommerce allows SQL Injection.This issue affects SMS Alert Order Notifications – Wo... Read more

    Affected Products : sms_alert_order_notifications
    • Published: May. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-55466

    An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : thingsboard
    • Published: May. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2024-4982

    A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.... Read more

    Affected Products : pagure
    • Published: May. 12, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal

  • 7.6

    HIGH
    CVE-2024-4981

    A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.... Read more

    Affected Products : pagure
    • Published: May. 12, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-44176

    Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function.... Read more

    Affected Products : fh451_firmware fh451
    • Published: May. 12, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-44175

    Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.... Read more

    Affected Products : ac10_firmware ac10
    • Published: May. 12, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2023-34732

    An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords.... Read more

    Affected Products : neon-dx
    • Published: May. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2025-46750

    SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-46749

    An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2025-46748

    An authenticated user attempting to change their password could do so without using the current password.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2025-46747

    An authenticated user without user-management permissions could identify other user accounts.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-46746

    An administrator could discover another account's credentials.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-46745

    An authenticated user without user-management permissions could view other users' account information.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-46744

    An authenticated administrator could modify the Created By username for a user account... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-46743

    An authenticated user's token could be used by another source after the user had logged out prior to the token expiring.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-46742

    Users who were required to change their password could still access system information before changing their password... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-46741

    A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-46740

    An authenticated user without user administrative permissions could change the administrator Account Name.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 293636 Results