Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2025-46331

    OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart <= openfga-0.2.28, docker <= v.1.8.10) are vulnerable to authorization bypass when certa... Read more

    Affected Products : openfga
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-32777

    Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic service or the extender plugin can cause denial of service of... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-2170

    A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an uni... Read more

    Affected Products : sma1000_firmware sma1000
    • Published: Apr. 30, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-24887

    OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to ... Read more

    Affected Products : opencti
    • Published: Apr. 30, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-9877

    : Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2024-9876

    : Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025

  • 2.6

    LOW
    CVE-2024-47784

    Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-4135

    A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vend... Read more

    Affected Products : wg302v2_firmware wg302v2
    • Published: Apr. 30, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-46619

    A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of privileges, this vulnerability may grant access to files ... Read more

    Affected Products : couchbase_server windows
    • Published: Apr. 30, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-44194

    SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household.... Read more

    Affected Products : simple_barangay_management_system
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-44193

    SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint.... Read more

    Affected Products : simple_barangay_management_system
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44192

    SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance.... Read more

    Affected Products : simple_barangay_management_system
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-39413

    Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through 3.5.14.... Read more

    Affected Products : simple_sitemap simple_sitemap
    • Published: Apr. 30, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-33074

    Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.... Read more

    Affected Products : azure_functions
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-30392

    Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_ai_bot_service
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-30391

    Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : dynamics_365_customer_service
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure

  • 9.9

    CRITICAL
    CVE-2025-30390

    Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-30389

    Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_ai_bot_service
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-24091

    An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.... Read more

    Affected Products : iphone_os ipados
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-21416

    Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_virtual_desktop
    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 293680 Results