Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-24358

    gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for ... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.6

    MEDIUM
    CVE-2025-22903

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-22900

    Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 2.1

    LOW
    CVE-2024-42193

    HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability ... Read more

    Affected Products : bigfix_platform
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2023-5616

    In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to ex... Read more

    Affected Products : ubuntu_linux control_center
    • Published: Apr. 15, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-3618

    A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on th... Read more

    Affected Products : thinmanager
    • Published: Apr. 15, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Denial of Service

  • 8.5

    HIGH
    CVE-2025-3617

    A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. ... Read more

    Affected Products : thinmanager
    • Published: Apr. 15, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-33028

    In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User intera... Read more

    Affected Products : winzip
    • Published: Apr. 15, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-33027

    In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Bandizip. User interaction is required to exploit this... Read more

    Affected Products : bandizip
    • Published: Apr. 15, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-33026

    In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of PeaZip. User interaction is required to exploit this vulnerabili... Read more

    Affected Products : peazip
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-29705

    code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects.... Read more

    Affected Products : code-gen
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-28100

    A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter.... Read more

    Affected Products : dingfanzu
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-50960

    A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the unde... Read more

    • Published: Apr. 15, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-42200

    HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.... Read more

    Affected Products : bigfix_platform
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2024-42189

    HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.... Read more

    Affected Products : bigfix_platform
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2021-27289

    A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism - based on the frame counter field - is im... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-32780

    BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\... Read more

    Affected Products : bleachbit
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-32779

    E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the `/backup/import` API endpoint can write arbitrary files to locations outside the intended extraction di... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-32776

    OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more byt... Read more

    Affected Products : openrazer
    • Published: Apr. 15, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-29817

    Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network.... Read more

    Affected Products : power_automate_for_desktop
    • Published: Apr. 15, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293493 Results