Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-45042

    Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.... Read more

    Affected Products : ac9_firmware ac9
    • Published: May. 05, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45612

    Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.... Read more

    Affected Products : xmall
    • Published: May. 05, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-45490

    Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter.... Read more

    Affected Products : e5600_firmware e5600
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44886

    FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function.... Read more

    Affected Products : wgs-804hpt_firmware wgs-804hpt
    • Published: May. 20, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44881

    A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.... Read more

    Affected Products : wl-wn579a3_firmware wl-wn579a3
    • Published: May. 20, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45931

    An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44883

    FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the tacIp parameter in the web_tacplus_serverEdit_post function.... Read more

    Affected Products : wgs-804hpt_firmware wgs-804hpt
    • Published: May. 20, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44831

    EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.... Read more

    Affected Products : engineercms
    • Published: May. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44654

    In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network att... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-45479

    Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44897

    FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function.... Read more

    Affected Products : wgs-804hpt_firmware wgs-804hpt
    • Published: May. 20, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44893

    FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function.... Read more

    Affected Products : wgs-804hpt_firmware wgs-804hpt
    • Published: May. 20, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44635

    There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, E... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-44083

    An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: May. 21, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-44877

    Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ac9_firmware ac9
    • Published: May. 02, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44658

    In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tr... Read more

    Affected Products : rax30_firmware rax30
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-43949

    MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44655

    In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal n... Read more

    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-43986

    An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-43932

    JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
Showing 20 of 292774 Results