Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2025-5622

    A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2025-5624

    A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_r... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-5120

    A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py mo... Read more

    Affected Products : smolagents
    • Published: Jul. 27, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-57819

    FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipul... Read more

    Affected Products : freepbx
    • Actively Exploited
    • Published: Aug. 28, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-54349

    In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.... Read more

    Affected Products : iperf3 iperf
    • Published: Aug. 03, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-54253

    Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation... Read more

    • Published: Aug. 05, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-54119

    ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code us... Read more

    Affected Products : adodb
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-53833

    LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulner... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-54122

    Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both manager Desktop and Server edition versions up to and including 25.... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 10.0

    CRITICAL
    CVE-2025-53624

    The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifac... Read more

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 10.0

    CRITICAL
    CVE-2025-52562

    Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-49885

    Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-49447

    Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-48827

    vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in M... Read more

    Affected Products : vbulletin
    • Published: May. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-47916

    Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method ... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-47637

    Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through 2.11.0.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-47641

    Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from ... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-47812

    In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP serv... Read more

    Affected Products : wing_ftp_server
    • Actively Exploited
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-47419

    Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. Thi... Read more

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cryptography

  • 10.0

    CRITICAL
    CVE-2025-46661

    IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. All instances have been patched by the Supplier.... Read more

    Affected Products : metazo
    • Published: Apr. 28, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection
Showing 20 of 293353 Results