Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-32105

    A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution.... Read more

    Affected Products : img2020_firmware img2020
    • Published: Jun. 03, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5550

    A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component PBSZ Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. T... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: Jun. 04, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-36063

    Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an i... Read more

    Affected Products : azure_rtos_usbx
    • Published: Oct. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-35289

    A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the applica... Read more

    Affected Products : hermes
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-5576

    A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file /bwdate-report-details.php. The manipulation of the argument fromdate/todate lead... Read more

    Affected Products : dairy_farm_shop_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5594

    A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The explo... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: Jun. 04, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5604

    A vulnerability was found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attac... Read more

    • Published: Jun. 04, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5053

    A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component MDIR Command Handler. The manipulation leads to buffer overflow. The attack may be launche... Read more

    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5625

    A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql inje... Read more

    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5631

    A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql inje... Read more

    Affected Products : news-buzz content_management_system
    • Published: Jun. 05, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5639

    A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack ma... Read more

    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-25923

    Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. ... Read more

    Affected Products : exec-local-bin
    • Published: Jan. 06, 2023
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2025-5707

    A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument tes... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2018-18447

    dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).... Read more

    Affected Products : paint.net
    • Published: Oct. 12, 2022
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-42897

    Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.... Read more

    Affected Products : arrayos_ag vxag ag1000 ag1000t ag1000v5 ag1100v5 ag1150 ag1200 ag1200v5 ag1500 +5 more products
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-3456

    Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.... Read more

    Affected Products : rdiffweb
    • Published: Oct. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42980

    go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.... Read more

    Affected Products : go-admin
    • Published: Oct. 17, 2022
    • Modified: May. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-42170

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-5172

    A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown function of the file /valida. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. T... Read more

    Affected Products : econtrata
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-41646

    An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device... Read more

    Affected Products : revpi_status
    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication
Showing 20 of 293645 Results