Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-25427

    A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This le... Read more

    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-0467

    Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.... Read more

    Affected Products : ddk
    • Published: Apr. 18, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-3509

    A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that allowed attackers to execute arbitrary code by exploiting the pre-receive hook functionality, potentially leading to privilege escalation and system compromise. Th... Read more

    Affected Products : enterprise_server
    • Published: Apr. 17, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-3246

    An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed cross-site scripting in GitHub Markdown that used `$$..$$` math blocks. Exploitation required access to the target GitHub Enterprise Server instance... Read more

    Affected Products : enterprise_server
    • Published: Apr. 17, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3124

    A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Ov... Read more

    Affected Products : enterprise_server
    • Published: Apr. 17, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-29461

    An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path.... Read more

    Affected Products : a-blog_cms a-blogcms a-blogcms
    • Published: Apr. 17, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29460

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29459

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29458

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29457

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29456

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29453

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-42178

    HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.... Read more

    Affected Products : dryice_myxalytics
    • Published: Apr. 17, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-29455

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29454

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29452

    An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component.... Read more

    Affected Products : seo_panel
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29451

    An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.... Read more

    Affected Products : seo_panel
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29450

    An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component.... Read more

    Affected Products : twonav
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29449

    An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function.... Read more

    Affected Products : twonav
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-3765

    A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument Avatar leads to ... Read more

    • Published: Apr. 17, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authentication
Showing 20 of 293591 Results