Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-29030

    Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29386

    In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-2381

    A vulnerability classified as critical has been found in PHPGurukul Curfew e-Pass Management System 1.0. Affected is an unknown function of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. It is possible... Read more

    Affected Products : curfew_e-pass_management_system
    • Published: Mar. 17, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-29911

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap buffer o... Read more

    Affected Products : cryptolib
    • Published: Mar. 17, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-30122

    An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-29401

    An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : emlog
    • Published: Mar. 19, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-27782

    Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file write in inference.py. This issue may lead to writing arbitrary files on the Applio server. It can also be used in conjunction with an unsafe deserializati... Read more

    Affected Products : applio
    • Published: Mar. 19, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-47552

    Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0. Users are recommended to upgrade to version 2.2.0, which fixes the issue.... Read more

    Affected Products : seata
    • Published: Mar. 20, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-10553

    A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHive... Read more

    Affected Products : h2o h2o
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-10835

    In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabl... Read more

    Affected Products : db-gpt
    • Published: Mar. 20, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-27138

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerabili... Read more

    Affected Products : dataease
    • Published: Mar. 13, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1894

    A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-result.php. The manipulation of the argument searchdata leads to sql injec... Read more

    Affected Products : restaurant_table_booking_system
    • Published: Mar. 04, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-12044

    A remote code execution vulnerability exists in open-mmlab/mmdetection version v3.3.0. The vulnerability is due to the use of the `pickle.loads()` function in the `all_reduce_dict()` distributed training API without proper sanitization. This allows an att... Read more

    Affected Products :
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2641

    A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-artist-detail.php?editid=1. The manipulation of the argument Na... Read more

    Affected Products : art_gallery_management_system
    • Published: Mar. 23, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2646

    A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber le... Read more

    Affected Products : art_gallery_management_system
    • Published: Mar. 23, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2658

    A vulnerability, which was classified as critical, has been found in PHPGurukul Online Security Guards Hiring System 1.0. Affected by this issue is some unknown functionality of the file /search-request.php. The manipulation of the argument searchdata lea... Read more

    • Published: Mar. 23, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2659

    A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument e leads to sql injection. It is possible to initi... Read more

    Affected Products : online_time_table_generator
    • Published: Mar. 23, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2682

    A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible... Read more

    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2735

    A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-services.php. The manipulation of the argument sertitle leads to ... Read more

    Affected Products : old_age_home_management_system
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-2739

    A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-services.php. The manipulation of the argument sertitle leads to sql injection.... Read more

    Affected Products : old_age_home_management_system
    • Published: Mar. 25, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection
Showing 20 of 292737 Results