Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-29953

    Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deseriali... Read more

    Affected Products : activemq_nms_openwire
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-29784

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search q... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-27599

    Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to ... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-3792

    A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be i... Read more

    Affected Products : seacms
    • Published: Apr. 18, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-3791

    A vulnerability classified as critical was found in symisc UnQLite up to 957c377cb691a4f617db9aba5cc46d90425071e2. This vulnerability affects the function jx9MemObjStore of the file /data/src/benchmarks/unqlite/unqlite.c. The manipulation leads to heap-ba... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-37838

    In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Race Condition

  • 5.4

    MEDIUM
    CVE-2025-2950

    IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address... Read more

    Affected Products : i i
    • Published: Apr. 18, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-29625

    A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function.... Read more

    Affected Products : astrolog
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29209

    TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.... Read more

    Affected Products : x18_firmware x18
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-28232

    Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication.... Read more

    Affected Products : jmb0150_firmware jmb0150
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-28230

    Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials.... Read more

    Affected Products : jmb0150_firmware jmb0150
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-28229

    Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges.... Read more

    Affected Products : optimod_5950_firmware optimod_5950
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-28228

    A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext.... Read more

    • Published: Apr. 18, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-29643

    An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.... Read more

    Affected Products : croogo
    • Published: Apr. 18, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40364

    In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if ne... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025

  • 6.9

    MEDIUM
    CVE-2025-3790

    A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to ... Read more

    Affected Products : jsite
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-3789

    A vulnerability was found in baseweb JSite 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /a/sys/area/save. The manipulation of the argument Name leads to cross site scripting. The attack may be lau... Read more

    Affected Products : jsite
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-32790

    Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrat... Read more

    Affected Products : dify
    • Published: Apr. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2024-46089

    74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.... Read more

    Affected Products : 74cms
    • Published: Apr. 18, 2025
    • Modified: May. 28, 2025

  • 6.5

    MEDIUM
    CVE-2024-49808

    IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.... Read more

    • Published: Apr. 18, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization
Showing 20 of 293591 Results