Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-3540

    A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of the component H... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-3539

    A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the co... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-3445

    A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing t... Read more

    Affected Products : archiver
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-3538

    A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. ... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Apr. 13, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2024-56406

    A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator,... Read more

    Affected Products : perl
    • Published: Apr. 13, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-3537

    A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is ... Read more

    Affected Products : employee_management_system
    • Published: Apr. 13, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-3536

    A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper author... Read more

    Affected Products : employee_management_system
    • Published: Apr. 13, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-3423

    IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc... Read more

    Affected Products : linux_kernel aspera_faspex
    • Published: Apr. 13, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3535

    A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file BurpApiFinder.db. The manipulation leads to denial of service. The attack can be launc... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-3534

    A vulnerability, which was classified as critical, was found in PowerCreator CMS 1.0. Affected is an unknown function of the file /OpenPublicCourse.aspx. The manipulation of the argument cid leads to sql injection. It is possible to launch the attack remo... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-3533

    A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross s... Read more

    Affected Products : youdiancms
    • Published: Apr. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3532

    A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. T... Read more

    Affected Products : youdiancms
    • Published: Apr. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3531

    A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible ... Read more

    Affected Products : youdiancms
    • Published: Apr. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2025-2814

    Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 6.4

    MEDIUM
    CVE-2025-1456

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input ... Read more

    Affected Products : royal_elementor_addons
    • Published: Apr. 12, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-1455

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it pos... Read more

    Affected Products : royal_elementor_addons
    • Published: Apr. 12, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-3418

    The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajax_edit_save() function. This makes it possi... Read more

    Affected Products :
    • Published: Apr. 12, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-3292

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details... Read more

    • Published: Apr. 12, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-3282

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_me... Read more

    • Published: Apr. 12, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-3276

    The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Carousel block in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it... Read more

    Affected Products : skt_blocks
    • Published: Apr. 12, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293493 Results