Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 0.0

    NONE
    CVE-2025-44023

    An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the account_mgr.cgi->cgi_chg_admin_pw components....

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2025-28073

    phpList 3.6.3 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized....

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 7.5

    CVSS31
    CVE-2024-9448

    On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be drop...

    Affected Products : eos
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 6.1

    CVSS31
    CVE-2025-29602

    flatpress 1.3.1 is vulnerable to Cross Site Scripting (XSS) in Administration area via Manage categories....

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 6.5

    CVSS31
    CVE-2025-29154

    HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/, .galera.app/rh/metas/perspectiva_estrategica/edicao/, .galera.app/rh/cadastros/perspecti...

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 4.9

    CVSS31
    CVE-2025-27695

    Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure....

    Affected Products : wyse_management_suite
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 9.1

    CVSS31
    CVE-2025-26847

    An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked....

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 9.8

    CVSS31
    CVE-2025-26845

    An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script....

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 9.8

    CVSS31
    CVE-2025-26844

    An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag....

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 7.5

    CVSS31
    CVE-2025-26842

    An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog....

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 10.0

    CVSS31
    CVE-2025-0505

    On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state...

    Affected Products : cloudvision_portal
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 8.7

    CVSS31
    CVE-2024-8100

    On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision....

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 9.1

    CVSS31
    CVE-2024-12378

    On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear....

    Affected Products : cloudvision_portal
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 10.0

    CVSS31
    CVE-2024-11186

    On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-pre...

    Affected Products : cloudvision_portal
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2025-4098

    Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape....

    Affected Products : cscape
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 5.5

    CVSS31
    CVE-2025-30102

    Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service....

    Affected Products : powerscale_onefs
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 4.4

    CVSS31
    CVE-2025-30101

    Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service a...

    Affected Products : powerscale_onefs
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2025-29448

    Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability....

    Affected Products : easyappointments
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 7.5

    CVSS31
    CVE-2025-1948

    In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to alloca...

    Affected Products : jetty
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 7.2

    CVSS31
    CVE-2024-13009

    In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests....

    Affected Products : jetty
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
Showing 20 of 462 Results
© cvefeed.io
Latest DB Update: May. 09, 2025 12:34