Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CVSS31
    CVE-2025-29827

    Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_automation
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 10.0

    CVSS31
    CVE-2025-29813

    An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would fi... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 7.4

    CVSS31
    CVE-2025-27720

    The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 7.5

    CVSS31
    CVE-2025-27578

    Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 7.8

    CVSS31
    CVE-2025-1331

    IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.... Read more

    Affected Products : cics_tx
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 7.8

    CVSS31
    CVE-2025-1330

    IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1  could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.... Read more

    Affected Products : cics_tx
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 7.8

    CVSS31
    CVE-2025-1329

    IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.... Read more

    Affected Products : cics_tx
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 2.8

    CVSS31
    CVE-2025-44021

    OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conduc... Read more

    Affected Products : ironic
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-28074

    phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, al... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2023-31585

    Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-46833

    Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole applica... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-46812

    Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary ... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 3.7

    CVSS31
    CVE-2025-46712

    Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allo... Read more

    Affected Products : otp
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 4.2

    CVSS31
    CVE-2025-46336

    Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may ... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-45798

    A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-45797

    TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-45790

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-45789

    TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-45788

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 0.0

    NONE
    CVE-2025-45787

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
Showing 20 of 462 Results
© cvefeed.io
Latest DB Update: May. 09, 2025 12:34