Latest CVE Feed
- CVE-2025-1275 (CVSS 7.8, HIGH)
  A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code i...
  Affected Products: autocad, advance_steel, autocad_architecture, autocad_electrical, autocad_lt, autocad_map_3d, autocad_mechanical, autocad_mep, autocad_plant_3d, revit, +2 more products
  Published: Apr. 15, 2025
  Modified: Aug. 19, 2025
  Vuln Type: Memory Corruption
- CVE-2025-1274 (CVSS 7.8, HIGH)
  A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the ...
  Affected Products: revit
  Published: Apr. 15, 2025
  Modified: Aug. 19, 2025
  Vuln Type: Memory Corruption
- CVE-2025-1273 (CVSS 7.8, HIGH)
  A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the co...
  Affected Products: revit
  Published: Apr. 15, 2025
  Modified: Aug. 19, 2025
  Vuln Type: Memory Corruption
- CVE-2024-44843 (CVSS 5.9, MEDIUM)
  An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary commands via supplying crafted OCPP requests....
  Affected Products: steve
  Published: Apr. 15, 2025
  Modified: Apr. 25, 2025
  Vuln Type: Authentication
- CVE-2025-32445 (CVSS 9.9, CRITICAL)
  Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrati...
  Affected Products: argo_events
  Published: Apr. 15, 2025
  Modified: Apr. 16, 2025
  Vuln Type: Authorization
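The practical lesson of the Argo Events entry is that a custom resource which embeds a pod template is a privilege boundary: whoever may write the object can ask for whatever pod-level settings the schema accepts. The following added example (illustrative Python, not Argo Events code) screens EventSource and Sensor manifests for the settings that hand a workload control of the node: privileged containers, host namespaces, hostPath volumes, dangerous capabilities and running as UID 0. It walks the manifest recursively, so it does not depend on the exact CRD layout; the sample manifests, and their spec.template field layout, are constructed assumptions for this example.

```python
"""Added example: admission-style check for host-escape settings in Argo Events manifests.

Illustrative code, not part of Argo Events. It walks an arbitrary manifest
dict, so it does not depend on the exact CRD schema; the sample manifests and
their spec.template layout are constructed assumptions for this example.
"""
from typing import Any

# Pod-level settings that hand the workload control of the node.
HOST_ACCESS_FLAGS = {"privileged", "hostPID", "hostNetwork", "hostIPC"}
HOST_FS_VOLUMES = {"hostPath"}
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "ALL"}


def find_violations(manifest: dict) -> list[str]:
    """Return a readable list of every setting that would grant host access."""
    violations: list[str] = []

    def visit(node: Any, path: str) -> None:
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}.{key}" if path else key
                if key in HOST_ACCESS_FLAGS and value is True:
                    violations.append(f"{child} is true")
                elif key in HOST_FS_VOLUMES:
                    violations.append(f"{child} mounts the node filesystem")
                elif key == "capabilities" and isinstance(value, dict):
                    for cap in sorted(set(value.get("add") or []) & DANGEROUS_CAPS):
                        violations.append(f"{child}.add grants {cap}")
                elif key == "runAsUser" and value == 0:
                    violations.append(f"{child} runs as root")
                visit(value, child)  # keep descending: nested templates, lists of containers, ...
        elif isinstance(node, list):
            for i, item in enumerate(node):
                visit(item, f"{path}[{i}]")

    visit(manifest, "")
    return violations


def admit(manifest: dict) -> tuple[bool, list[str]]:
    """Admission decision: (allowed, reasons). Only EventSource/Sensor objects are screened."""
    if manifest.get("kind") not in ("EventSource", "Sensor"):
        return True, []
    violations = find_violations(manifest)
    return not violations, violations


# Constructed sample: an EventSource whose template asks for host access.
# The spec.template layout is an assumption made for this example.
MALICIOUS_EVENTSOURCE = {
    "apiVersion": "argoproj.io/v1alpha1",
    "kind": "EventSource",
    "metadata": {"name": "escape"},
    "spec": {
        "template": {
            "container": {
                "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
                "volumeMounts": [{"name": "host", "mountPath": "/host"}],
            },
            "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
        },
        "webhook": {"example": {"port": "12000", "endpoint": "/push"}},
    },
}

# Constructed sample: the same event source with a locked-down template.
BENIGN_EVENTSOURCE = {
    "apiVersion": "argoproj.io/v1alpha1",
    "kind": "EventSource",
    "metadata": {"name": "ok"},
    "spec": {
        "template": {"container": {"securityContext": {"runAsNonRoot": True, "privileged": False}}},
        "webhook": {"example": {"port": "12000", "endpoint": "/push"}},
    },
}
```

Running admit() on the two samples gives a denial with three reasons for the first (privileged, SYS_ADMIN, hostPath) and an allow for the second. In a real cluster the same logic belongs in a validating admission webhook or policy engine, and RBAC on the EventSource/Sensor resources should be treated as if it were RBAC on pods.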
- CVE-2025-32439 (CVSS 6.5, MEDIUM)
  pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie pro...
  Affected Products: (not listed)
  Published: Apr. 15, 2025
  Modified: Apr. 16, 2025
  Vuln Type: Denial of Service
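A hook that is spawned and never waited on keeps its process-table entry after it exits, and a long-running daemon that fires hooks on every event will eventually exhaust the PID space. The following added example (illustrative Python, not pleezer's own code, which is Rust) shows the leak and the fix side by side: a fire-and-forget spawn that leaves a zombie, and a runner that reaps every child from a background thread and records its exit status. The hook command is a constructed stand-in; the code is POSIX-only.

```python
"""Added example: reaping hook-script children so they do not linger as zombies.

Illustrative code, not pleezer's own. The hook command is a constructed
stand-in. POSIX only (os.posix_spawn / os.waitpid).
"""
import os
import sys
import threading
import time

# Constructed stand-in for a hook script: exits quickly with a known status.
HOOK_ARGV = [sys.executable, "-c", "import sys; sys.exit(3)"]


def spawn_hook_leaky(argv: list[str]) -> int:
    """Fire-and-forget spawn. Nothing ever wait()s on the child, so once it
    exits the kernel keeps its entry around as a zombie."""
    return os.posix_spawn(argv[0], argv, os.environ)


class HookRunner:
    """Spawns hooks and reaps each one from a background thread, recording
    its exit code, so finished hooks never accumulate as zombies."""

    def __init__(self) -> None:
        self.exit_codes: dict[int, int] = {}
        self._threads: list[threading.Thread] = []
        self._lock = threading.Lock()

    def spawn(self, argv: list[str]) -> int:
        pid = os.posix_spawn(argv[0], argv, os.environ)
        t = threading.Thread(target=self._reap, args=(pid,), daemon=True)
        t.start()
        self._threads.append(t)
        return pid

    def _reap(self, pid: int) -> None:
        _, status = os.waitpid(pid, 0)  # blocks until the child exits, then frees its entry
        with self._lock:
            self.exit_codes[pid] = os.waitstatus_to_exitcode(status)

    def join(self, timeout: float = 10.0) -> None:
        for t in self._threads:
            t.join(timeout)


def already_reaped(pid: int) -> bool:
    """True if pid is no longer an unreaped child of ours; False if it was still
    sitting in the process table (this call then collects it)."""
    deadline = time.monotonic() + 10.0
    while time.monotonic() < deadline:
        try:
            reaped_pid, _ = os.waitpid(pid, os.WNOHANG)
        except ChildProcessError:
            return True            # no such child: someone already reaped it
        if reaped_pid == pid:
            return False           # it sat as a zombie until this call collected it
        time.sleep(0.01)           # still running; poll again
    raise TimeoutError(f"child {pid} did not exit")


def demo() -> dict:
    leaky_pid = spawn_hook_leaky(HOOK_ARGV)
    leaky_reaped = already_reaped(leaky_pid)   # False: it lingered as a zombie

    runner = HookRunner()
    pid = runner.spawn(HOOK_ARGV)
    runner.join()
    runner_reaped = already_reaped(pid)        # True: the reaper thread collected it

    return {
        "leaky_left_zombie": not leaky_reaped,
        "runner_reaped": runner_reaped,
        "hook_exit_code": runner.exit_codes.get(pid),
    }
```

A thread per hook is the simplest correct shape; a daemon that spawns many hooks can instead install a SIGCHLD handler that loops over waitpid(-1, WNOHANG), or set SIGCHLD to SIG_IGN if it never needs the exit status. Whichever is chosen, the invariant is the same: every pid the daemon creates is eventually waited on.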
- CVE-2025-32438 (CVSS 8.8, HIGH)
  make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root duri...
  Affected Products: (not listed)
  Published: Apr. 15, 2025
  Modified: Apr. 16, 2025
  Vuln Type: Authorization
- CVE-2025-32012 (CVSS 4.6, MEDIUM)
  Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authoriz...
  Affected Products: jellyfin
  Published: Apr. 15, 2025
  Modified: Apr. 16, 2025
  Vuln Type: Denial of Service
- CVE-2025-31497 (CVSS 7.5, HIGH)
  TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a critical XML External Entity (XXE) Injection vulnerability in its document conversion...
  Affected Products: (not listed)
  Published: Apr. 15, 2025
  Modified: Apr. 16, 2025
  Vuln Type: XML External Entity
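A conversion service that parses caller-supplied XML with entity resolution enabled will inline whatever a SYSTEM entity points at, typically a local file, into the converted output. The following added example (illustrative Python, not TEIGarage code, which is Java) shows the attack and the fix with the stdlib SAX parser: that parser resolves external general entities only when feature_external_ges is switched on, so the example enables it to reproduce the vulnerable behaviour and leaves it off to show the hardened one. The secret file and the XML payload are constructed here.

```python
"""Added example: XML External Entity (XXE) expansion, vulnerable and hardened.

Illustrative code, not TEIGarage's. Uses Python's stdlib SAX parser; the
secret file and the XML document are constructed for the example.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class _TextCollector(ContentHandler):
    """Collects all character data the parser reports, entity content included."""

    def __init__(self) -> None:
        super().__init__()
        self.parts: list[str] = []

    def characters(self, content: str) -> None:
        self.parts.append(content)


def parse_document(xml_bytes: bytes, resolve_external_entities: bool) -> str:
    """Parse `xml_bytes` and return its text content.

    resolve_external_entities=True is the vulnerable configuration: any
    <!ENTITY x SYSTEM "..."> declared in the DOCTYPE is fetched and inlined."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts)


def build_xxe_payload(target_path: str) -> bytes:
    """Classic file-read XXE: the entity body is the target file, inlined into <title>."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE doc [\n"
        f'  <!ENTITY secret SYSTEM "file://{target_path}">\n'
        "]>\n"
        "<doc><title>&secret;</title></doc>\n"
    ).encode()


def demo() -> dict:
    """What a converter would emit with and without external entity resolution."""
    with tempfile.NamedTemporaryFile("w", delete=False, suffix=".txt") as fh:
        fh.write("TOP-SECRET-CONTENT")   # constructed stand-in for /etc/passwd or a config file
        secret_path = fh.name
    try:
        payload = build_xxe_payload(secret_path)
        return {
            "vulnerable": parse_document(payload, resolve_external_entities=True),
            "hardened": parse_document(payload, resolve_external_entities=False),
        }
    finally:
        os.unlink(secret_path)
```

With resolution on, the converted text contains the secret file verbatim; with it off, the entity expands to nothing and the output is empty. Parsers whose defaults differ need the opposite opt-out: lxml resolves entities unless the parser is created with resolve_entities=False, and the common Java factories need DTD processing or external entities disabled explicitly, which is the fix a service like this one needs.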
- CVE-2025-30206 (CVSS 9.8, CRITICAL)
  Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host mac...
  Affected Products: (not listed)
  Published: Apr. 15, 2025
  Modified: Apr. 16, 2025
  Vuln Type: Authentication
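A JWT is only as secret as its signing key: if the key ships in a default configuration, anyone who has read that configuration can mint a token with any claims and the server cannot tell it from one it issued. The following added example (illustrative Python, not Dpanel code) implements HS256 signing and verification with the stdlib, has an "attacker" forge an admin token offline using a constructed default secret, and checks it against a server still on that default and a server that generated its own secret at first start. The secret, the claims and the role name are all constructed for the example.

```python
"""Added example: why a hardcoded JWT signing secret is equivalent to no authentication.

Illustrative code, not Dpanel's. The default secret, claims and role are
constructed. HS256 is done with the stdlib so nothing needs installing.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed stand-in for a secret shipped in a default config file.
HARDCODED_DEFAULT_SECRET = "change-me-default-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: str) -> str:
    """Mint an HS256 JWT. Anyone holding `secret` can call this."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, secret: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if alg is HS256, the MAC matches and the token is unexpired, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":   # refuse alg confusion ("none", RS256-with-public-key, ...)
            return None
        expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
        if claims.get("exp", float("inf")) < (now if now is not None else time.time()):
            return None
        return claims
    except (ValueError, TypeError):        # malformed base64/JSON/segment count
        return None


class PanelServer:
    """Minimal stand-in for a service that trusts whatever its JWT secret signs."""

    def __init__(self, jwt_secret: str) -> None:
        self._secret = jwt_secret

    def is_admin(self, token: str) -> bool:
        claims = verify_jwt(token, self._secret)
        return bool(claims) and claims.get("role") == "admin"


def attacker_forges_admin_token() -> str:
    """The attacker never talks to the server: the secret is in the published default config."""
    return sign_jwt({"sub": "attacker", "role": "admin", "exp": time.time() + 3600}, HARDCODED_DEFAULT_SECRET)


def demo() -> dict:
    forged = attacker_forges_admin_token()
    vulnerable = PanelServer(HARDCODED_DEFAULT_SECRET)   # shipped default, never rotated
    hardened = PanelServer(secrets.token_urlsafe(32))   # per-install secret generated at first start
    return {
        "forged_token_accepted_by_default_config": vulnerable.is_admin(forged),
        "forged_token_accepted_by_random_secret": hardened.is_admin(forged),
    }
```

The verifier itself is sound (constant-time MAC comparison, algorithm pinned, expiry enforced); none of that helps when the key is public. The fix is procedural: generate the secret at install time with a CSPRNG, refuse to start if the configured value still equals the shipped default, and rotate it (invalidating every outstanding token) once a leak is suspected.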
- CVE-2025-2567 (CVSS 9.8, CRITICAL)
  An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel storage and transportation....
  Affected Products: (not listed)
  Published: Apr. 15, 2025
  Modified: Apr. 16, 2025
  Vuln Type: Misconfiguration
- CVE-2025-1292 (CVSS 6.7, MEDIUM)
  Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Ch...
  Affected Products: chrome_os
  Published: Apr. 15, 2025
  Modified: Apr. 17, 2025
  Vuln Type: Memory Corruption
- CVE-2025-1122 (CVSS 6.7, MEDIUM)
  Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challe...
  Affected Products: chrome_os
  Published: Apr. 15, 2025
  Modified: May. 06, 2025
  Vuln Type: Memory Corruption
- CVE-2025-29213 (CVSS 5.5, MEDIUM)
  A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file....
  Affected Products: jeewms
  Published: Apr. 15, 2025
  Modified: Apr. 25, 2025
  Vuln Type: Path Traversal
- CVE-2025-28399 (CVSS 9.8, CRITICAL)
  An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class....
  Affected Products: xmall
  Published: Apr. 15, 2025
  Modified: Apr. 25, 2025
  Vuln Type: Authorization
- CVE-2025-27791 (CVSS 8.3, HIGH)
  Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. T...
  Affected Products: online
  Published: Apr. 15, 2025
  Modified: Apr. 16, 2025
  Vuln Type: Path Traversal
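The JEEWMS zip slip entry (CVE-2025-29213) and the Collabora Online BaseFileName entry (CVE-2025-27791) above are the same bug in two costumes: a name chosen by someone else (an archive member, a field returned by a WOPI server) is joined onto a local directory without proving the result stays inside it. The following added example (illustrative Python, not code from JEEWMS or Collabora Online) uses one containment helper, safe_join(), for both: an archive extractor that refuses members escaping the destination, and a resolver for a remote-supplied base file name that additionally insists on a bare name. The archive and every name in it are constructed for the example.

```python
"""Added example: containing attacker-controlled names inside a destination directory.

Illustrative code, not from JEEWMS or Collabora Online. The archive, the
member names and the WOPI-style file names are constructed for the example.
"""
import io
import os
import tempfile
import zipfile


class PathTraversalError(ValueError):
    pass


def safe_join(root: str, untrusted_name: str) -> str:
    """Join `untrusted_name` under `root` and prove the result stays inside root.

    Absolute names, '..' segments and symlink tricks are all caught by
    comparing the fully resolved candidate against the resolved root."""
    if not untrusted_name or untrusted_name != untrusted_name.strip():
        raise PathTraversalError(f"rejected empty or padded name: {untrusted_name!r}")
    real_root = os.path.realpath(root)
    # Archives and remote servers are not always POSIX: treat backslashes as separators too.
    candidate = os.path.realpath(os.path.join(real_root, untrusted_name.replace("\\", "/")))
    if not candidate.startswith(real_root + os.sep):
        raise PathTraversalError(f"{untrusted_name!r} escapes {root!r}")
    return candidate


def extract_zip_safely(archive_bytes: bytes, dest_dir: str) -> dict:
    """Extract members under dest_dir, refusing any whose name escapes it.

    (Python's own ZipFile.extract() strips '..' components; the check is
    written out here so the control flow of a safe extractor is visible.)"""
    extracted, rejected = [], []
    real_dest = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            try:
                target = safe_join(dest_dir, info.filename)
            except PathTraversalError as exc:
                rejected.append(str(exc))
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(os.path.relpath(target, real_dest))
    return {"extracted": extracted, "rejected": rejected}


def build_malicious_zip() -> bytes:
    """Constructed archive: one honest member and one zip-slip member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../../evil.sh", "#!/bin/sh\necho pwned\n")
    return buf.getvalue()


def resolve_wopi_basename(storage_root: str, base_file_name: str) -> str:
    """A BaseFileName must be a bare file name: no separators, not '.' or '..'."""
    normalised = base_file_name.replace("\\", "/")
    if base_file_name in (".", "..") or os.path.basename(normalised) != base_file_name:
        raise PathTraversalError(f"BaseFileName {base_file_name!r} is not a bare file name")
    return safe_join(storage_root, base_file_name)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "extract")
        os.makedirs(dest)
        result = extract_zip_safely(build_malicious_zip(), dest)
        good = resolve_wopi_basename(dest, "report.docx")
        rejected_names = []
        for name in ("../../etc/passwd", "/etc/passwd", "sub/x.docx", "..\\..\\win.ini", ".."):
            try:
                resolve_wopi_basename(dest, name)
            except PathTraversalError:
                rejected_names.append(name)
        return {
            "extracted": result["extracted"],
            "rejected_members": len(result["rejected"]),
            "good_name_inside": good.startswith(os.path.realpath(dest) + os.sep),
            "rejected_names": rejected_names,
        }
```

The two callers differ only in how strict the shape of the name must be: an archive member may legitimately contain directories, a WOPI BaseFileName may not, so the latter rejects any separator before the containment check even runs. Checking with a string prefix on the realpath'd result, rather than looking for ".." in the raw name, is what makes encoded, doubled or symlink-assisted variants fail the same way.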
- CVE-2025-25456 (CVSS 9.8, CRITICAL)
  Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2....
  Published: Apr. 15, 2025
  Modified: Apr. 22, 2025
  Vuln Type: Memory Corruption
- CVE-2025-24358 (CVSS 5.4, MEDIUM)
  gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for ...
  Affected Products: (not listed)
  Published: Apr. 15, 2025
  Modified: May. 01, 2025
  Vuln Type: Cross-Site Request Forgery
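The gorilla/csrf entry turns on which request header is checked, and against what. Browsers attach an Origin header to cross-site POSTs, so a middleware that compares Origin against an explicit allowlist, and consults Referer only when Origin is absent, has a source check that an attacker's page cannot satisfy. The following added example (illustrative Python, not gorilla/csrf code) implements that decision; the trusted origin and the sample requests are constructed. This check complements a per-session token, it does not replace one.

```python
"""Added example: Origin-first source check for state-changing requests.

Illustrative Python, not gorilla/csrf code. The trusted origin and the
request samples are constructed.
"""
from typing import Optional
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def _origin_of(url: str) -> Optional[str]:
    """scheme://host[:port] of a URL, lower-cased; None if it is not an http(s) URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def request_source_is_trusted(method: str, headers: dict, trusted_origins: set) -> tuple:
    """Decide whether a request's source is trusted enough to change state.

    Returns (allowed, reason). Header names are matched case-insensitively."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    allow = {o.lower() for o in trusted_origins}

    origin = h.get("origin")
    if origin is not None:
        if origin == "null":
            return False, "opaque Origin 'null' (sandboxed iframe, file://, redirect)"
        src = _origin_of(origin)
        # Exact-match the whole origin: a prefix or substring test lets
        # https://app.example.com.evil.example.net through.
        ok = src is not None and src in allow
        return ok, f"Origin {origin!r} {'is' if ok else 'is not'} allowlisted"

    # Fall back to Referer only when Origin is absent, and refuse when both are missing:
    # a state-changing request with no provenance at all is not one we can vouch for.
    referer = h.get("referer")
    if referer is not None:
        src = _origin_of(referer)
        ok = src is not None and src in allow
        return ok, f"Referer origin {src!r} {'is' if ok else 'is not'} allowlisted"
    return False, "neither Origin nor Referer present on a state-changing request"


TRUSTED = {"https://app.example.com"}   # constructed allowlist

# Constructed sample requests: (method, headers, expected decision).
SAMPLES = [
    ("POST", {"Origin": "https://app.example.com"}, True),
    ("POST", {"Origin": "HTTPS://APP.EXAMPLE.COM"}, True),                   # scheme/host are case-insensitive
    ("POST", {"Origin": "https://evil.example.net"}, False),
    ("POST", {"Origin": "https://app.example.com.evil.example.net"}, False),  # prefix match is not a match
    ("POST", {"Origin": "http://app.example.com"}, False),                    # scheme downgrade is a different origin
    ("POST", {"Referer": "https://app.example.com/settings"}, True),          # Origin absent: Referer decides
    ("POST", {"Origin": "https://evil.example.net",
              "Referer": "https://app.example.com/x"}, False),                # Origin present: it wins
    ("POST", {}, False),
    ("POST", {"Origin": "null"}, False),
    ("DELETE", {"Origin": "garbage"}, False),
    ("GET", {}, True),
]


def run_samples() -> list:
    """True for each sample whose decision matches the expectation."""
    return [request_source_is_trusted(m, h, TRUSTED)[0] == expected for m, h, expected in SAMPLES]
```

Two design points carry the weight: the allowlist is matched on the whole normalised origin (scheme, host and port), never by prefix, and the absence of both headers on a state-changing request is a deny, because a non-browser client can always add a token and a browser would have sent Origin.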
- CVE-2025-22903 (CVSS 4.6, MEDIUM)
  TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig....
  Published: Apr. 15, 2025
  Modified: Apr. 22, 2025
  Vuln Type: Memory Corruption
- CVE-2025-22900 (CVSS 9.8, CRITICAL)
  Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function....
  Published: Apr. 15, 2025
  Modified: Apr. 22, 2025
  Vuln Type: Memory Corruption