Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-34732

    An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords.... Read more

    Affected Products : neon-dx
    • Published: May. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2025-46750

    SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-46749

    An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2025-46748

    An authenticated user attempting to change their password could do so without using the current password.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2025-46747

    An authenticated user without user-management permissions could identify other user accounts.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-46746

    An administrator could discover another account's credentials.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-46745

    An authenticated user without user-management permissions could view other users' account information.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-46744

    An authenticated administrator could modify the Created By username for a user account... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-46743

    An authenticated user's token could be used by another source after the user had logged out prior to the token expiring.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-46742

    Users who were required to change their password could still access system information before changing their password... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-46741

    A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-46740

    An authenticated user without user administrative permissions could change the administrator Account Name.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-46739

    An unauthenticated user could discover account credentials via a brute-force attack without rate limiting... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-45779

    Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.... Read more

    Affected Products : ac10_firmware ac10
    • Published: May. 12, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-3632

    IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size.... Read more

    • Published: May. 12, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-47578

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edward Caissie BNS Twitter Follow Button allows DOM-Based XSS.This issue affects BNS Twitter Follow Button: from n/a through 0.3.8.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2025-46738

    An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code.... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2025-46737

    SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpe... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-44830

    EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.... Read more

    Affected Products : engineercms
    • Published: May. 12, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44022

    An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism.... Read more

    Affected Products : vvveb
    • Published: May. 12, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
Showing 20 of 294068 Results