Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-42602

    This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses thr... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-42601

    This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading t... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-42600

    This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brut... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-1054

    The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions u... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-10306

    A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with... Read more

    • Published: Apr. 23, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-3530

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The... Read more

    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-3529

    The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sens... Read more

    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-2595

    An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.... Read more

    Affected Products : visualization
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-0618

    A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protect... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-1056

    Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected loca... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-0926

    Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for th... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-1021

    Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : diskstation_manager
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-37088

    A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-27087

    A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-37087

    A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-32965

    xrpl.js is a JavaScript/TypeScript API for interacting with the XRP Ledger in Node.js and the browser. Versions 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. Version 2.14.2 is ... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Supply Chain

  • 6.5

    MEDIUM
    CVE-2025-29743

    D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-26159

    Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.6

    MEDIUM
    CVE-2025-31328

    SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. GET-based OData function is named in a way that it violates the expected behaviour. ... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31327

    SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and avai... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293620 Results