Latest CVE Feed
- CVE-2023-26819 (CVSS 3.1: 2.9)
  cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.
  Affected Products:
  Published: Apr. 19, 2025
  Modified: Apr. 21, 2025
- CVE-2023-30421 (CVSS 3.1: 2.9)
  mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114.
  Affected Products:
  Published: Apr. 19, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43921 (CVSS 3.1: 5.3)
  GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint.
  Affected Products: mailman
  Published: Apr. 20, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43929 (CVSS 3.1: 4.1)
  open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
  Affected Products:
  Published: Apr. 20, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43919 (CVSS 3.1: 5.8)
  GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter.
  Affected Products: mailman
  Published: Apr. 20, 2025
  Modified: Apr. 21, 2025
- CVE-2025-3825 (CVSS 3.1: 2.4)
  A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument tx...
  Affected Products: web-based_pharmacy_product_management_system
  Published: Apr. 20, 2025
  Modified: Apr. 21, 2025
- CVE-2025-3828 (CVSS 3.1: 7.3)
  A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injectio...
  Affected Products: men_salon_management_system
  Published: Apr. 20, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43955 (CVSS 3.1: 2.2)
  TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.
  Affected Products:
  Published: Apr. 20, 2025
  Modified: Apr. 21, 2025
- CVE-2020-36844 (CVSS 3.1: 6.1)
  The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.
  Affected Products:
  Published: Apr. 20, 2025
  Modified: Apr. 21, 2025
- CVE-2020-36845 (CVSS 3.1: 5.3)
  The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.
  Affected Products:
  Published: Apr. 20, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43961 (CVSS 3.1: 2.9)
  In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
  Affected Products: libraw
  Published: Apr. 21, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43954 (CVSS 3.1: 4.9)
  QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when no-html is set.
  Affected Products:
  Published: Apr. 20, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43962 (CVSS 3.1: 2.9)
  In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
  Affected Products: libraw
  Published: Apr. 21, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43963 (CVSS 3.1: 2.9)
  In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
  Affected Products: libraw
  Published: Apr. 21, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43966 (CVSS 3.1: 2.9)
  libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
  Affected Products: libheif
  Published: Apr. 21, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43967 (CVSS 3.1: 2.9)
  libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
  Affected Products: libheif
  Published: Apr. 21, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43971 (CVSS 3.1: 8.6)
  An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
  Affected Products:
  Published: Apr. 21, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43973 (CVSS 3.1: 6.8)
  An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
  Affected Products:
  Published: Apr. 21, 2025
  Modified: Apr. 21, 2025
- CVE-2025-43970 (CVSS 3.1: 4.3)
  An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
  Affected Products:
  Published: Apr. 21, 2025
  Modified: Apr. 21, 2025
- CVE-2025-25228 (CVSS: NONE, 0.0)
  A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.
  Affected Products:
  Published: Apr. 21, 2025
  Modified: Apr. 21, 2025