Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CVSS31
    CVE-2025-32433

    Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH pr... Read more

    Affected Products : otp
    • Published: Apr. 16, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29662

    A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29043

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29041

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29040

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29042

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29047

    Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29046

    Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29045

    Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-29044

    Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS31
    CVE-2025-1863

    Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 9.3

    CVSS31
    CVE-2025-39471

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pantherius Modal Survey.This issue affects Modal Survey: from n/a through 2.0.2.0.1.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 9.8

    CVSS30
    CVE-2025-42599

    Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-s... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 18, 2025

  • 9.3

    CVSS31
    CVE-2025-27302

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Claudio Adrian Marrero CHATLIVE allows SQL Injection. This issue affects CHATLIVE: from n/a through 2.0.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025

  • 9.8

    CVSS31
    CVE-2025-27287

    Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz allows Object Injection. This issue affects SS Quiz: from n/a through 2.0.5.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025

  • 9.8

    CVSS31
    CVE-2025-27286

    Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider allows Object Injection. This issue affects Saoshyant Slider: from n/a through 3.0.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025

  • 9.9

    CVSS31
    CVE-2025-27282

    Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025

  • 9.8

    CVSS31
    CVE-2025-29652

    SQL Injection vulnerability exists in the TP-Link M7000 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 180127 Rel.55998n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025

  • 9.8

    CVSS31
    CVE-2024-55372

    Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unaut... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025

  • 9.3

    CVSS31
    CVE-2025-22655

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links allows SQL Injection. This issue affects CWD – Stealth Links: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
Showing 20 of 45 Results
© cvefeed.io
Latest DB Update: Apr. 18, 2025 20:10