Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-43962

    In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.... Read more

    Affected Products : libraw
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-43961

    In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.... Read more

    Affected Products : libraw
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2020-36845

    The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.... Read more

    Affected Products : security_awareness_training
    • Published: Apr. 20, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2020-36844

    The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.... Read more

    Affected Products : security_awareness_training
    • Published: Apr. 20, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-43955

    TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.... Read more

    Affected Products : convertigo
    • Published: Apr. 20, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-43954

    QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when when no-html is set.... Read more

    Affected Products : qmarkdown
    • Published: Apr. 20, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-3830

    A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argumen... Read more

    Affected Products : kuangsimplebbs
    • Published: Apr. 20, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-3829

    A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injecti... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 20, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3828

    A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injectio... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 20, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3827

    A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The att... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 20, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-3826

    A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress lea... Read more

    • Published: Apr. 20, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-3825

    A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument tx... Read more

    • Published: Apr. 20, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-3824

    A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtpr... Read more

    • Published: Apr. 20, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-3823

    A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file add-stock.php. The manipulation of the argument txttotalcost/txtproductID/txtprice/txt... Read more

    • Published: Apr. 20, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-3822

    A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password... Read more

    • Published: Apr. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-3821

    A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/... Read more

    • Published: Apr. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-43929

    open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).... Read more

    Affected Products : kitty kitty
    • Published: Apr. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-43928

    In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 ... Read more

    Affected Products : pmrs-102_firmware pmrs-102
    • Published: Apr. 20, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-43921

    GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.... Read more

    Affected Products : mailman
    • Published: Apr. 20, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-43920

    GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that ... Read more

    Affected Products : mailman
    • Published: Apr. 20, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Injection
Showing 20 of 293605 Results