Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-26901

    Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1.... Read more

    Affected Products : brizy
    • Published: Apr. 09, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-26888

    Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.8.... Read more

    • Published: Apr. 09, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-21601

    An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthentic... Read more

    Affected Products : junos
    • Published: Apr. 09, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Denial of Service

  • 6.0

    MEDIUM
    CVE-2025-21597

    An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS). On all Junos... Read more

    Affected Products : junos junos_os_evolved
    • Published: Apr. 09, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-21595

    A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service ... Read more

    Affected Products : junos junos_os_evolved
    • Published: Apr. 09, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-21594

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS). In a DS-Lite (Dual-Stack L... Read more

    Affected Products : junos
    • Published: Apr. 09, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Denial of Service

  • 7.4

    HIGH
    CVE-2025-21591

    A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to ... Read more

    Affected Products : junos
    • Published: Apr. 09, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-55210

    An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message.... Read more

    Affected Products : framework_\(linha_protheus\)
    • Published: Apr. 09, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-2630

    There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled ... Read more

    Affected Products : labview
    • Published: Apr. 09, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-2629

    There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a mali... Read more

    Affected Products : labview
    • Published: Apr. 09, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-3475

    Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0.... Read more

    Affected Products : web-t web-t
    • Published: Apr. 09, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-3474

    Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panels: from 0.0.0 before 4.9.0.... Read more

    Affected Products : panels
    • Published: Apr. 09, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-3131

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, fr... Read more

    Affected Products : eca\
    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-3115

    Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malici... Read more

    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-3114

    Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-32695

    Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 8.7.5.... Read more

    Affected Products : checkout_mestres_wp
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2025-32694

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail allows Phishing. This issue affects Ultimate WP Mail: from n/a through 1.3.2.... Read more

    Affected Products : ultimate_wp_mail
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Misconfiguration

  • 4.7

    MEDIUM
    CVE-2025-32693

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress allows Phishing. This issue affects WebinarPress: from n/a through 1.33.27.... Read more

    Affected Products : webinarpress
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-32692

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms allows PHP Local File Inclusion. This issue affects WP Subscription Forms: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-32691

    Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.4.... Read more

    Affected Products : powerpress
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 293367 Results