Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-2947

    IBM i 7.6  contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command.  A malicious actor can use the command to elevate privileges to gain root access to the host operating system.... Read more

    Affected Products : i i
    • Published: Apr. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-29662

    A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access.... Read more

    Affected Products : landchat
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-29661

    Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run.... Read more

    Affected Products : litepubl_cms
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-29181

    FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.... Read more

    Affected Products : foxcms
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-29180

    In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.... Read more

    Affected Products : foxcms
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-29039

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-40124

    Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature.... Read more

    Affected Products : pydio
    • Published: Apr. 17, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-43015

    In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces... Read more

    Affected Products : rubymine
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-43014

    In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation... Read more

    Affected Products : toolbox
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-43013

    In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible... Read more

    Affected Products : toolbox
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-43012

    In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible... Read more

    Affected Products : toolbox
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-42921

    In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin... Read more

    Affected Products : toolbox
    • Published: Apr. 17, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-39596

    Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-39595

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-39594

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Arigato Autoresponder and Newsletter allows Reflected XSS. This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.4.... Read more

    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-39588

    Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.... Read more

    Affected Products : ultimate_store_kit
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-39587

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.65.... Read more

    Affected Products : cost_calculator_builder
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-39586

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.4.8.... Read more

    Affected Products : profilegrid
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-39583

    Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.10.2.... Read more

    Affected Products : bertha_ai
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-39580

    Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authorization
Showing 20 of 293591 Results