Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-26773

    Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.0.... Read more

    • Published: Feb. 17, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 5.6

    MEDIUM
    CVE-2025-26158

    A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.... Read more

    • Published: Feb. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-26157

    A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST request parameter.... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Feb. 14, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-57604

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.... Read more

    Affected Products : ezbookkeeping
    • Published: Feb. 12, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2024-57603

    An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.... Read more

    Affected Products : ezbookkeeping
    • Published: Feb. 12, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-5516

    A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to... Read more

    Affected Products : x2000r_firmware x2000r
    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5502

    A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-5525

    A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be... Read more

    Affected Products : trojan
    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2022-46852

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions.... Read more

    Affected Products : wp_table_builder wp_table_builder
    • Published: May. 03, 2023
    • Modified: Jun. 06, 2025

  • 5.3

    MEDIUM
    CVE-2024-38894

    WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.... Read more

    Affected Products : wn551k1_firmware wn551k1
    • Published: Jun. 24, 2024
    • Modified: Jun. 06, 2025

  • 6.5

    MEDIUM
    CVE-2024-38892

    An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.... Read more

    Affected Products : wn551k1_firmware wn551k1
    • Published: Jun. 24, 2024
    • Modified: Jun. 06, 2025

  • 6.3

    MEDIUM
    CVE-2024-33373

    An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack.... Read more

    Affected Products : bl-w1210m_firmware bl-w1210m
    • Published: Jun. 14, 2024
    • Modified: Jun. 06, 2025

  • 6.5

    MEDIUM
    CVE-2024-38950

    Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function.... Read more

    Affected Products : libde265
    • Published: Jun. 26, 2024
    • Modified: Jun. 06, 2025

  • 6.5

    MEDIUM
    CVE-2024-38949

    Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc... Read more

    Affected Products : libde265
    • Published: Jun. 26, 2024
    • Modified: Jun. 06, 2025

  • 5.3

    MEDIUM
    CVE-2024-38895

    WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.... Read more

    Affected Products : wn551k1_firmware wn551k1
    • Published: Jun. 24, 2024
    • Modified: Jun. 06, 2025

  • 5.3

    MEDIUM
    CVE-2024-38896

    WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.... Read more

    Affected Products : wn551k1_firmware wn551k1
    • Published: Jun. 24, 2024
    • Modified: Jun. 06, 2025

  • 5.3

    MEDIUM
    CVE-2024-38897

    WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.... Read more

    Affected Products : wn551k1_firmware wn551k1
    • Published: Jun. 24, 2024
    • Modified: Jun. 06, 2025

  • 6.3

    MEDIUM
    CVE-2024-37662

    TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings... Read more

    Affected Products : tl-7dr5130_firmware tl-7dr5130
    • Published: Jun. 17, 2024
    • Modified: Jun. 06, 2025

  • 6.3

    MEDIUM
    CVE-2024-37661

    TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.... Read more

    Affected Products : tl-7dr5130_firmware tl-7dr5130
    • Published: Jun. 17, 2024
    • Modified: Jun. 06, 2025

  • 6.1

    MEDIUM
    CVE-2024-5155

    The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : inquiry_cart
    • Published: Jun. 14, 2024
    • Modified: Jun. 06, 2025
Showing 20 of 293407 Results