Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2025-5624

    A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_r... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5621

    A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os com... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5620

    A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is ... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 10.0

    HIGH
    CVE-2025-5622

    A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2025-5623

    A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer over... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-48760

    An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.... Read more

    Affected Products : gestioip
    • Published: Jan. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2024-50857

    The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.... Read more

    Affected Products : gestioip
    • Published: Jan. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-50858

    Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration.... Read more

    Affected Products : gestioip
    • Published: Jan. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2024-50859

    The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.... Read more

    Affected Products : gestioip
    • Published: Jan. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-50861

    The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks.... Read more

    Affected Products : gestioip
    • Published: Jan. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2024-53923

    An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media.... Read more

    Affected Products : centreon_web
    • Published: Jan. 23, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2024-55573

    An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics.... Read more

    Affected Products : centreon_web
    • Published: Jan. 23, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2024-34148

    Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParam... Read more

    • Published: May. 02, 2024
    • Modified: Jun. 06, 2025

  • 4.3

    MEDIUM
    CVE-2024-28159

    A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.... Read more

    • Published: Mar. 06, 2024
    • Modified: Jun. 06, 2025

  • 4.3

    MEDIUM
    CVE-2024-28158

    A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.... Read more

    • Published: Mar. 06, 2024
    • Modified: Jun. 06, 2025

  • 8.8

    HIGH
    CVE-2025-24398

    Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.... Read more

    Affected Products : bitbucket_server_integration
    • Published: Jan. 22, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-5628

    A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument n... Read more

    Affected Products : food_menu_manager food_menu_manager
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5627

    A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection... Read more

    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5625

    A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql inje... Read more

    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5626

    A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. The manipulation of the argument editid leads to sql injection. It... Read more

    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection
Showing 20 of 293344 Results