Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-5147

    A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The manipulation of the argument url leads to command injection.... Read more

    Affected Products :
    • Published: May. 25, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-5146

    A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_set of the file /usr/bin/routerd of the component HTTP He... Read more

    Affected Products :
    • Published: May. 25, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-32910

    A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.... Read more

    Affected Products : enterprise_linux
    • Published: Apr. 14, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-32909

    A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.... Read more

    Affected Products : enterprise_linux
    • Published: Apr. 14, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-32907

    A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amoun... Read more

    • Published: Apr. 14, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-32053

    A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.... Read more

    • Published: Apr. 03, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-32052

    A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.... Read more

    • Published: Apr. 03, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2025-32050

    A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.... Read more

    • Published: Apr. 03, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-47287

    Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to gene... Read more

    Affected Products : tornado
    • Published: May. 15, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2021-28423

    Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'search... Read more

    • EPSS Score: %2.50
    • Published: Jul. 01, 2021
    • Modified: May. 28, 2025

  • 5.3

    MEDIUM
    CVE-2023-29857

    An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link.... Read more

    Affected Products : teslamate teslamate
    • EPSS Score: %0.08
    • Published: May. 18, 2023
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-23126

    TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access... Read more

    Affected Products : teslamate teslamate
    • EPSS Score: %0.58
    • Published: Jan. 24, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-44581

    Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2.... Read more

    • Published: May. 17, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-37444

    Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.7.1.... Read more

    • Published: Nov. 01, 2024
    • Modified: May. 28, 2025

  • 5.3

    MEDIUM
    CVE-2024-25595

    Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1.... Read more

    • Published: May. 17, 2024
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2025-47851

    In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible... Read more

    Affected Products : teamcity
    • Published: May. 20, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-47852

    In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible... Read more

    Affected Products : teamcity
    • Published: May. 20, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-47853

    In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible... Read more

    Affected Products : teamcity
    • Published: May. 20, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-47854

    In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page... Read more

    Affected Products : teamcity
    • Published: May. 20, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-3243

    A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no/dental_no leads to sql injection. ... Read more

    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection
Showing 20 of 291779 Results