Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-4135

    A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vend... Read more

    Affected Products : wg302v2_firmware wg302v2
    • Published: Apr. 30, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-46619

    A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of privileges, this vulnerability may grant access to files ... Read more

    Affected Products : couchbase_server windows
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-44194

    SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household.... Read more

    Affected Products : simple_barangay_management_system
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-44193

    SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint.... Read more

    Affected Products : simple_barangay_management_system
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44192

    SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance.... Read more

    Affected Products : simple_barangay_management_system
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-39413

    Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through 3.5.14.... Read more

    Affected Products : simple_sitemap simple_sitemap
    • Published: Apr. 30, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-33074

    Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.... Read more

    Affected Products : azure_functions
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-30392

    Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_ai_bot_service
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-30391

    Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : dynamics_365_customer_service
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure

  • 9.9

    CRITICAL
    CVE-2025-30390

    Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-30389

    Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_ai_bot_service
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-24091

    An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.... Read more

    Affected Products : iphone_os ipados
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-21416

    Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_virtual_desktop
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-3859

    Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage This vulnerability affects Focus < 138.... Read more

    Affected Products : firefox_focus
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025

  • 7.5

    HIGH
    CVE-2025-3599

    Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user... Read more

    • Published: Apr. 30, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-4122

    A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor w... Read more

    Affected Products : jwnr2000v2_firmware jwnr2000v2
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-46342

    Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selector(s) in their match statements are mistakenly not applied during admission review ... Read more

    Affected Products : kyverno kyverno
    • Published: Apr. 30, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 9.0

    CRITICAL
    CVE-2025-32974

    XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since versio... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-32973

    XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by ... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-32972

    XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights ... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization
Showing 20 of 293673 Results