Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-29659

    Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary.... Read more

    Affected Products : xy-3820_firmware xy-3820
    • Published: Apr. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-29315

    An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-29137

    Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE.... Read more

    Affected Products : ac7_firmware ac7
    • Published: Mar. 19, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29287

    An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : mcms
    • Published: Apr. 21, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-29100

    Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Mar. 24, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29085

    SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.... Read more

    Affected Products :
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-28411

    An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave... Read more

    Affected Products : ruoyi
    • Published: Apr. 07, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-29031

    Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-28386

    A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.... Read more

    Affected Products : cosmos
    • Published: Jun. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-28399

    An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.... Read more

    Affected Products : xmall
    • Published: Apr. 15, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-28256

    An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Mar. 28, 2025
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2025-28413

    An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component... Read more

    Affected Products : ruoyi
    • Published: Apr. 07, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-28036

    TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-29043

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-28388

    OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account.... Read more

    Affected Products : cosmos
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-28402

    An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter... Read more

    Affected Products : ruoyi
    • Published: Apr. 07, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-28038

    TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter.... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-27832

    An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.... Read more

    Affected Products : ghostscript
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-27779

    Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `model_blender.py` lines 20 and 21. `model_fusion_a` and `model_fusion_b` from voice_blender.py take user-supplied input (e.g. a path to a model... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-27831

    An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.... Read more

    Affected Products : ghostscript
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292803 Results