Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-27444

    A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This a... Read more

    Affected Products : rsform\!pro
    • Published: Jun. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-27811

    A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the target service.... Read more

    Affected Products : synapse_4
    • Published: Jun. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5592

    A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component PASSIVE Command Handler. The manipulation leads to buffer overflow. The attack may be laun... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: Jun. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5599

    A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. The attack can be ini... Read more

    Affected Products : student_result_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2025-5715

    A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. I... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-5714

    A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArq... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-5713

    A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descriç... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2020-21514

    An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password.... Read more

    Affected Products : fluentd fluentd-ui
    • Published: Apr. 04, 2023
    • Modified: Jun. 09, 2025

  • 5.5

    MEDIUM
    CVE-2025-5876

    A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched ... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-39472

    Cross-Site Request Forgery (CSRF) vulnerability in WPWeb WooCommerce Social Login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a before 2.8.3.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 2.4

    LOW
    CVE-2024-13087

    A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35009

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization ... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-5871

    A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launc... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-5873

    A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted up... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-22481

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulner... Read more

    Affected Products : quts_hero qts
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35004

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of ... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35010

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-5864

    A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manip... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-5894

    Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system ... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-25209

    The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor w... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293328 Results