Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-45428

    In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45427

    In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption

  • 2.9

    LOW
    CVE-2025-43965

    In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.... Read more

    Affected Products : imagemagick
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2025-43716

    A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access controls and gain unauthorized access to various endpoints su... Read more

    Affected Products : landesk_management_suite
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-2703

    The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.... Read more

    Affected Products : grafana
    • Published: Apr. 23, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-42605

    This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipula... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-42604

    This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leadin... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-42603

    This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response t... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-42602

    This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses thr... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-42601

    This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading t... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-42600

    This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brut... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-1054

    The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions u... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-10306

    A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with... Read more

    • Published: Apr. 23, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-3530

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The... Read more

    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-3529

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sens... Read more

    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-2595

    An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.... Read more

    Affected Products : visualization
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-0618

    A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protect... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-1056

    Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected loca... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-0926

    Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for th... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-1021

    Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : diskstation_manager
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization
Showing 20 of 293608 Results