Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    CVSS31
    CVE-2020-36845

    The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL....

    Affected Products :
    • Published: Apr. 20, 2025
    • Modified: Apr. 21, 2025
  • 6.1

    CVSS31
    CVE-2020-36844

    The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL....

    Affected Products :
    • Published: Apr. 20, 2025
    • Modified: Apr. 21, 2025
  • 2.2

    CVSS31
    CVE-2025-43955

    TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs....

    Affected Products :
    • Published: Apr. 20, 2025
    • Modified: Apr. 21, 2025
  • 7.3

    CVSS31
    CVE-2025-3828

    A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to sql injectio...

    Affected Products : men_salon_management_system
    • Published: Apr. 20, 2025
    • Modified: Apr. 21, 2025
  • 2.4

    CVSS31
    CVE-2025-3825

    A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument tx...

    • Published: Apr. 20, 2025
    • Modified: Apr. 21, 2025
  • 3.4

    CVSS31
    CVE-2025-43916

    Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attack...

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 21, 2025
  • 0.0

    NONE
    CVE-2025-3838

    An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access ...

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 21, 2025
  • 6.8

    CVSS31
    CVE-2025-43972

    An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context....

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 21, 2025
  • 2.9

    CVSS31
    CVE-2025-43964

    In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values....

    Affected Products : libraw
    • Published: Apr. 21, 2025
    • Modified: Apr. 21, 2025
  • 6.3

    CVSS31
    CVE-2025-3830

    A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argumen...

    Affected Products :
    • Published: Apr. 20, 2025
    • Modified: Apr. 21, 2025
  • 7.3

    CVSS31
    CVE-2025-3829

    A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to sql injecti...

    Affected Products : men_salon_management_system
    • Published: Apr. 20, 2025
    • Modified: Apr. 21, 2025
  • 7.3

    CVSS31
    CVE-2025-3827

    A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The att...

    Affected Products : men_salon_management_system
    • Published: Apr. 20, 2025
    • Modified: Apr. 21, 2025
  • 2.4

    CVSS31
    CVE-2025-3826

    A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress lea...

    • Published: Apr. 20, 2025
    • Modified: Apr. 21, 2025
© cvefeed.io
Latest DB Update: Apr. 22, 2025 5:11