Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-5583

    A vulnerability classified as critical has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /register.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exp... Read more

    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5580

    A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate th... Read more

    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2024-33526

    A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web scrip... Read more

    Affected Products : ilias
    • Published: May. 21, 2024
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-33527

    A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or... Read more

    Affected Products : ilias
    • Published: May. 21, 2024
    • Modified: Jun. 04, 2025

  • 4.7

    MEDIUM
    CVE-2024-33528

    A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload.... Read more

    Affected Products : ilias
    • Published: May. 21, 2024
    • Modified: Jun. 04, 2025

  • 7.2

    HIGH
    CVE-2024-33529

    ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types.... Read more

    Affected Products : ilias
    • Published: May. 21, 2024
    • Modified: Jun. 04, 2025

  • 9.1

    CRITICAL
    CVE-2024-48905

    Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint.... Read more

    Affected Products : replyone
    • Published: May. 01, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2024-48906

    Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment name.... Read more

    Affected Products : replyone
    • Published: May. 01, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-48907

    Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.... Read more

    Affected Products : replyone
    • Published: May. 01, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-45800

    TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter.... Read more

    Affected Products : a950rg_firmware a950rg
    • Published: May. 02, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44900

    In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow.... Read more

    Affected Products : rx3_firmware rx3
    • Published: May. 06, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44899

    There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow.... Read more

    Affected Products : rx3_firmware rx3
    • Published: May. 06, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-36650

    TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buf... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Jun. 11, 2024
    • Modified: Jun. 04, 2025

  • 8.6

    HIGH
    CVE-2025-21480

    Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.... Read more

    • Actively Exploited
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2023-34302

    Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to e... Read more

    Affected Products : cobalt
    • Published: May. 03, 2024
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2025-27038

    Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.... Read more

    • Actively Exploited
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-32674

    Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.... Read more

    Affected Products : social_login
    • Published: May. 08, 2024
    • Modified: Jun. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-27731

    Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.... Read more

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-27730

    Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.... Read more

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Jun. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-27728

    Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature.... Read more

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Jun. 04, 2025
Showing 20 of 292803 Results