Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-39515

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tnomi Attendance Manager allows Stored XSS. This issue affects Attendance Manager: from n/a through 0.6.2.... Read more

    Affected Products : attendance_manager
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-39514

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum allows Stored XSS. This issue affects Asgaros Forum: from n/a through 3.0.0.... Read more

    Affected Products : asgaros_forum
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-39513

    Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ActiveDEMAND: from n/a through 0.2.46.... Read more

    Affected Products : activedemand
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-39512

    Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor allows Cross Site Request Forgery. This issue affects Bulk Term Editor: from n/a through 1.1.4.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-1983

    A cross-site scripting (XSS) vulnerability in Ready_'s File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-1982

    Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content of the file. This vulnerability can be use to read conte... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2025-1981

    Improper neutralization of input provided by a low-privileged user into a file search functionality in Ready_'s Invoices module allows for SQL Injection attacks.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-1980

    The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. ... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-3688

    A vulnerability, which was classified as problematic, was found in mirweiye Seven Bears Library CMS 2023. This affects an unknown part of the component Background Management Page. The manipulation leads to cross site scripting. It is possible to initiate ... Read more

    Affected Products : seven_bears_library_cms
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3687

    A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may b... Read more

    Affected Products : oasys
    • Published: Apr. 16, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-3686

    A vulnerability classified as problematic was found in misstt123 oasys 1.0. Affected by this vulnerability is the function image of the file /show. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclos... Read more

    Affected Products : oasys
    • Published: Apr. 16, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-3685

    A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file /edit_fpatient.php. The manipulation of the argument ID leads to sql injection. It is possible to laun... Read more

    • Published: Apr. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3684

    A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation of the argument s... Read more

    Affected Products : kindergarten_management_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3683

    A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. This vulnerability affects unknown code of the component SIZE Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The expl... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 16, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3682

    A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. This affects an unknown part of the component PASV Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exp... Read more

    Affected Products : pcman_ftp_server ftp_server
    • Published: Apr. 16, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-30960

    Missing Authorization vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-22023

    In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned when isoc ring is stopped") in v6.11, the driver didn't ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-22022

    In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop bug, one without) were seen to cause IOMMU faults after... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-22021

    In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find th... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-22020

    In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293517 Results