Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-3479

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user contro... Read more

    Affected Products : forminator forminator_forms
    • Published: Apr. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-48419

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of the... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2024-48416

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025

  • 5.2

    MEDIUM
    CVE-2024-48417

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-48418

    In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-48420

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-28146

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel... Read more

    Affected Products : br-6478ac_v3_firmware br-6478ac_v3
    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-3487

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and out... Read more

    Affected Products : forminator forminator_forms
    • Published: Apr. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-24577

    Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.0.... Read more

    Affected Products : poll_maker
    • Published: Apr. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-57768

    JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-2162

    The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 18, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2024-28960

    An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.... Read more

    Affected Products : fedora mbed_tls mbed_crypto
    • Published: Mar. 29, 2024
    • Modified: May. 28, 2025

  • 6.3

    MEDIUM
    CVE-2024-46089

    74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.... Read more

    Affected Products : 74cms
    • Published: Apr. 18, 2025
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2025-3616

    The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authen... Read more

    • Published: Apr. 22, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-3730

    A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approach... Read more

    Affected Products : pytorch
    • Published: Apr. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-3309

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql in... Read more

    • Published: Apr. 06, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3310

    A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the file /admin/delete.php. The manipulation of the argument Search leads to sql injection. It is possible to initiate... Read more

    • Published: Apr. 06, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2024-50704

    Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.... Read more

    Affected Products : tripleplay
    • Published: Mar. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2024-50707

    Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request.... Read more

    Affected Products : tripleplay
    • Published: Mar. 04, 2025
    • Modified: May. 28, 2025

  • 7.8

    HIGH
    CVE-2025-4068

    A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. The attack n... Read more

    • Published: Apr. 29, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291739 Results