Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-41447

    A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.... Read more

    Affected Products : opencms
    • Published: Apr. 18, 2025
    • Modified: Apr. 23, 2025

  • 6.5

    MEDIUM
    CVE-2025-32796

    Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal us... Read more

    Affected Products : dify
    • Published: Apr. 18, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32795

    Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-a... Read more

    Affected Products : dify
    • Published: Apr. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-32792

    SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code i... Read more

    Affected Products : ses
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025

  • 7.5

    HIGH
    CVE-2025-32442

    Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing... Read more

    Affected Products : fastify
    • Published: Apr. 18, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-32434

    PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loa... Read more

    Affected Products : pytorch
    • Published: Apr. 18, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-32389

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refe... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-31120

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-31118

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously p... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-30357

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025

  • 7.1

    HIGH
    CVE-2025-30158

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attribut... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-29953

    Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deseriali... Read more

    Affected Products : activemq_nms_openwire
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-29784

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search q... Read more

    Affected Products : nameless
    • Published: Apr. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-27599

    Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to ... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-3792

    A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be i... Read more

    Affected Products : seacms
    • Published: Apr. 18, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-3791

    A vulnerability classified as critical was found in symisc UnQLite up to 957c377cb691a4f617db9aba5cc46d90425071e2. This vulnerability affects the function jx9MemObjStore of the file /data/src/benchmarks/unqlite/unqlite.c. The manipulation leads to heap-ba... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-37838

    In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Race Condition

  • 5.4

    MEDIUM
    CVE-2025-2950

    IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address... Read more

    Affected Products : i i
    • Published: Apr. 18, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-29625

    A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function.... Read more

    Affected Products : astrolog
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29209

    TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.... Read more

    Affected Products : x18_firmware x18
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293602 Results