Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-22252

    A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin acco... Read more

    Affected Products : fortios fortiswitchmanager fortiproxy
    • Published: May. 28, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5295

    A vulnerability classified as critical was found in FreeFloat FTP Server 1.0.0. This vulnerability affects unknown code of the component PORT Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 28, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5298

    A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to ... Read more

    Affected Products : online_hospital_management_system
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3357

    IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.... Read more

    Affected Products : tivoli_monitoring
    • Published: May. 28, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45343

    An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.... Read more

    Affected Products : w18e_firmware w18e
    • Published: May. 28, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-5693

    A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be ini... Read more

    Affected Products : internet_banking_system
    • Published: Oct. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-25784

    An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.... Read more

    Affected Products : jizhicms
    • Published: Feb. 26, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-25789

    FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.... Read more

    Affected Products : foxcms
    • Published: Feb. 26, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-57040

    TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router.... Read more

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Feb. 26, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-11131

    A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-1751

    A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint.... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-22952

    elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.... Read more

    Affected Products : memos
    • Published: Feb. 27, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2024-51138

    Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earl... Read more

    • Published: Feb. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-38292

    In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.... Read more

    Affected Products : xiq-se
    • Published: Feb. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-11121

    A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of t... Read more

    Affected Products : lingdang_crm
    • Published: Nov. 12, 2024
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-1570

    The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_... Read more

    Affected Products : directorist
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1638

    The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity through the alloggio_membership_init_rest_api_facebook_log... Read more

    Affected Products :
    • Published: Mar. 01, 2025
    • Modified: Mar. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1671

    The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authe... Read more

    Affected Products :
    • Published: Mar. 01, 2025
    • Modified: Mar. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1819

    A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch t... Read more

    Affected Products : ac7_firmware ac7
    • Published: Mar. 02, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1841

    A vulnerability classified as critical has been found in ESAFENET CDG 5.6.3.154.205. This affects an unknown part of the file /CDGServer3/logManagement/ClientSortLog.jsp. The manipulation of the argument startDate/endDate leads to sql injection. It is pos... Read more

    Affected Products : cdg
    • Published: Mar. 03, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
Showing 20 of 293259 Results