Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NONE
    CVE-2025-32434

    PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loa... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 0.0

    NONE
    CVE-2025-32389

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refe... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 5.3

    CVSS31
    CVE-2025-31120

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 7.1

    CVSS31
    CVE-2025-31118

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously p... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 7.3

    CVSS31
    CVE-2025-30357

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 7.1

    CVSS31
    CVE-2025-30158

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attribut... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 7.5

    CVSS31
    CVE-2025-29784

    NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search q... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29662

    A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 7.6

    CVSS31
    CVE-2025-29458

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 7.6

    CVSS31
    CVE-2025-29457

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 7.6

    CVSS31
    CVE-2025-29452

    An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 7.6

    CVSS31
    CVE-2025-29451

    An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29043

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29041

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29040

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 6.5

    CVSS31
    CVE-2025-27599

    Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to ... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29042

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 5.4

    CVSS31
    CVE-2024-40124

    Pydio Core <= 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 0.0

    NONE
    CVE-2025-40364

    In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if ne... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 6.3

    CVSS31
    CVE-2025-32790

    Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrat... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025
Showing 20 of 434 Results
© cvefeed.io
Latest DB Update: Apr. 18, 2025 19:33