Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-32966

    DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.... Read more

    Affected Products : dataease
    • Published: Apr. 23, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-21605

    Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Re... Read more

    Affected Products : debian_linux redis valkey
    • Published: Apr. 23, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-47829

    pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the ... Read more

    Affected Products : pnpm
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 2.9

    LOW
    CVE-2025-46393

    In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).... Read more

    Affected Products : imagemagick
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45428

    In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45427

    In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption

  • 2.9

    LOW
    CVE-2025-43965

    In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.... Read more

    Affected Products : imagemagick
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2025-43716

    A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access controls and gain unauthorized access to various endpoints su... Read more

    Affected Products : landesk_management_suite
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-2703

    The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.... Read more

    Affected Products : grafana
    • Published: Apr. 23, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-42605

    This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipula... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-42604

    This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leadin... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-42603

    This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response t... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-42602

    This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses thr... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-42601

    This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading t... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-42600

    This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brut... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-1054

    The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions u... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-10306

    A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with... Read more

    • Published: Apr. 23, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-3530

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The... Read more

    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-3529

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sens... Read more

    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-2595

    An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.... Read more

    Affected Products : visualization
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization
Showing 20 of 293612 Results