Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-30445

    A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause a... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-24271

    An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same ne... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-24270

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able ... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-24252

    A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network ... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-24251

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-24206

    An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network ... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2025-24179

    A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local netwo... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Apr. 29, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-46328

    snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads l... Read more

    Affected Products : snowflake_connector
    • Published: Apr. 28, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Race Condition

  • 7.0

    HIGH
    CVE-2025-46327

    gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configura... Read more

    Affected Products : gosnowflake
    • Published: Apr. 28, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Race Condition

  • 7.0

    HIGH
    CVE-2025-46326

    snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector read... Read more

    Affected Products : snowflake_connector
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2025-4039

    A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injec... Read more

    Affected Products : rail_pass_management_system
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-4038

    A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads t... Read more

    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-4037

    A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. Local access is required to approach this attack. The exp... Read more

    Affected Products : atm_banking
    • Published: Apr. 28, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-0049

    When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2024-11922

    Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-10635

    Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature.... Read more

    Affected Products : enterprise_protection
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-4036

    A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. Th... Read more

    Affected Products : novel
    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4034

    A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of the argument Doc_ID leads to sql injection.... Read more

    • Published: Apr. 28, 2025
    • Modified: May. 10, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-45953

    A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely... Read more

    Affected Products : hostel_management_system
    • Published: Apr. 28, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-45949

    A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijac... Read more

    • Published: Apr. 28, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authentication
Showing 20 of 293651 Results