Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-45615

    Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45614

    Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45613

    Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-45612

    Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.... Read more

    Affected Products : xmall
    • Published: May. 05, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-45611

    Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45610

    Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45609

    Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-45608

    Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-45607

    An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request.... Read more

    Affected Products : itranswarp
    • Published: May. 05, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1909

    The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the pl... Read more

    Affected Products : buddyboss_platform
    • Published: May. 05, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 9.5

    CRITICAL
    CVE-2025-4318

    The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-4283

    A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Login.php?f=login. The manipulation of the argument Username leads to sql injecti... Read more

    • Published: May. 05, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4279

    The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all versions up to, and including, 1.0.8. This makes it possibl... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-46720

    Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the ... Read more

    Affected Products : keystone
    • Published: May. 05, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-46719

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat tr... Read more

    Affected Products : open_webui
    • Published: May. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46571

    Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the `/api/v1/files/` backend endpoint. This endpoint re... Read more

    Affected Products : open_webui
    • Published: May. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-46559

    Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. T... Read more

    Affected Products : misskey
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-46553

    @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, i... Read more

    Affected Products : misskey
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-46340

    Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in `UrlPreviewService` and `MkUrlPreview`, it is possible for an attacker to inject arbit... Read more

    Affected Products : misskey
    • Published: May. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-46335

    Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerabil... Read more

    Affected Products : mobile_security_framework
    • Published: May. 05, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 294117 Results