Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-47215

    An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GT... Read more

    Affected Products : snowbridge
    • Published: Apr. 03, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-47214

    An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, eve... Read more

    Affected Products : iglu_server
    • Published: Apr. 03, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-47213

    An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, even... Read more

    Affected Products : enrich
    • Published: Apr. 03, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-47212

    An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in th... Read more

    Affected Products : iglu_server
    • Published: Apr. 03, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-45199

    insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. Th... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-3177

    A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The ... Read more

    Affected Products : fastcms fastcms
    • Published: Apr. 03, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-3176

    A vulnerability was found in Project Worlds Online Lawyer Management System 1.0. It has been classified as critical. This affects an unknown part of the file /single_lawyer.php. The manipulation of the argument u_id leads to sql injection. It is possible ... Read more

    • Published: Apr. 03, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-31489

    MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the u... Read more

    Affected Products : minio
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-31485

    API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() method i... Read more

    Affected Products : core
    • Published: Apr. 03, 2025
    • Modified: Apr. 08, 2025

  • 7.5

    HIGH
    CVE-2025-31481

    API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.... Read more

    Affected Products : core
    • Published: Apr. 03, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-31161

    CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race c... Read more

    Affected Products : crushftp
    • Actively Exploited
    • Published: Apr. 03, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2025-31119

    generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-30406

    Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machin... Read more

    Affected Products : centrestack
    • Actively Exploited
    • Published: Apr. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-29570

    An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc.... Read more

    • Published: Apr. 03, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-29504

    Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification.... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-29462

    A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the ... Read more

    Affected Products : ac15_firmware ac15
    • Published: Apr. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29064

    An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi.... Read more

    Affected Products : x18_firmware x18
    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-26818

    Netwrix Password Secure through 9.2 allows command injection.... Read more

    Affected Products : password_secure
    • Published: Apr. 03, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26817

    Netwrix Password Secure 9.2.0.32454 allows OS command injection.... Read more

    Affected Products : password_secure
    • Published: Apr. 03, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-45198

    insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can ... Read more

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
Showing 20 of 293353 Results