Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2025-29460

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29459

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29458

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29457

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29456

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29453

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-42178

    HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution.... Read more

    Affected Products : dryice_myxalytics
    • Published: Apr. 17, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-29455

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29454

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29452

    An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component.... Read more

    Affected Products : seo_panel
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29451

    An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.... Read more

    Affected Products : seo_panel
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29450

    An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component.... Read more

    Affected Products : twonav
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29449

    An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function.... Read more

    Affected Products : twonav
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-3765

    A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument Avatar leads to ... Read more

    • Published: Apr. 17, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-3764

    A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /edit-product.php. The manipulation of the argument Avatar leads to unrestricted uploa... Read more

    • Published: Apr. 17, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2024-42177

    HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system... Read more

    Affected Products : dryice_myxalytics
    • Published: Apr. 17, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2025-3763

    A vulnerability classified as critical has been found in SourceCodester Phone Management System 1.0. This affects the function main of the component Password Handler. The manipulation of the argument s leads to buffer overflow. Local access is required to... Read more

    Affected Products : phone_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3762

    A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component MPUT Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely.... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 17, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-29316

    An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a physically proximate attacker to obtain sensitive information. NOTE: the Supplier disputes the Print Job Watermark Bypass claim because the watermark is added by hook... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-29722

    A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints.... Read more

    Affected Products : commercify
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293605 Results