Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2025-48372

    Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–999... Read more

    Affected Products : schule_school_management_system
    • Published: May. 22, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-48373

    Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk becau... Read more

    Affected Products : schule_school_management_system
    • Published: May. 22, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2021-27285

    An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.... Read more

    Affected Products : clusterengine
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025

  • 6.6

    MEDIUM
    CVE-2025-48375

    Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP requ... Read more

    Affected Products : schule_school_management_system
    • Published: May. 23, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2024-55076

    Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password.... Read more

    Affected Products : grocy
    • Published: Jan. 06, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2024-52532

    GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.... Read more

    Affected Products : libsoup
    • Published: Nov. 11, 2024
    • Modified: Sep. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-47535

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded ... Read more

    Affected Products : netty windows
    • Published: Nov. 12, 2024
    • Modified: Sep. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-36620

    moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.... Read more

    Affected Products : moby
    • Published: Nov. 29, 2024
    • Modified: Sep. 05, 2025

  • 7.5

    HIGH
    CVE-2024-53980

    RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed F... Read more

    Affected Products : riot
    • Published: Nov. 29, 2024
    • Modified: Sep. 05, 2025

  • 9.0

    CRITICAL
    CVE-2025-53690

    Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.... Read more

    • Actively Exploited
    • Published: Sep. 03, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-50947

    An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : kmqtt
    • Published: Dec. 04, 2024
    • Modified: Sep. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-54679

    CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.... Read more

    Affected Products : cyberpanel
    • Published: Dec. 05, 2024
    • Modified: Sep. 05, 2025

  • 9.0

    CRITICAL
    CVE-2024-32018

    RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the ... Read more

    Affected Products : riot riot
    • Published: May. 01, 2024
    • Modified: Sep. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-8498

    A security vulnerability has been detected in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /cart/index.php. Such manipulation of the argument uname leads to sql injection. The attack can be executed remotely... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 03, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8497

    A weakness has been identified in code-projects Online Medicine Guide 1.0. This affects an unknown part of the file /cusfindphar2.php. This manipulation of the argument Search causes sql injection. Remote exploitation of the attack is possible. The exploi... Read more

    Affected Products : online_medicine_guide
    • Published: Aug. 03, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2023-6944

    A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend,... Read more

    Affected Products : backstage red_hat_developer_hub
    • Published: Jan. 04, 2024
    • Modified: Sep. 05, 2025

  • 5.3

    MEDIUM
    CVE-2025-48046

    An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-6504

    Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, t... Read more

    Affected Products : insightvm
    • Published: Jul. 18, 2024
    • Modified: Sep. 05, 2025

  • 7.2

    HIGH
    CVE-2024-52547

    An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Sep. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-52544

    An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Sep. 05, 2025
Showing 20 of 293335 Results