Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-4750

    A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). This issue affects some unknown processing of the file /H5/get_version.data of the component Configuration Handler. The manipulation leads to in... Read more

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-4752

    A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /install_base.data. The manipulation leads to information disclosure. The attack ... Read more

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-4753

    A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Affected by this issue is some unknown functionality of the file /login.data. The manipulation leads to information disclosure. The attack may be launched re... Read more

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-4755

    A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been classified as critical. This affects the function sub_497DE4 of the file /H5/netconfig.asp. The manipulation leads to improper authentication. It is possible to initiate the a... Read more

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 16, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-44172

    Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Jun. 02, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-5160

    A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is poss... Read more

    Affected Products : seccenter_smp-1114p02
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-5159

    A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been rated as problematic. This issue affects the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack m... Read more

    Affected Products : seccenter_smp-1114p02
    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-2146

    Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Sat... Read more

    • Published: May. 26, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-5158

    A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been declared as problematic. This vulnerability affects the function downloadSoftware of the file /cfgFile/downloadSoftware. The manipulation of the argument filename leads to... Read more

    Affected Products : seccenter_smp-1114p02
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-5157

    A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is po... Read more

    Affected Products : seccenter_smp-1114p02
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-5156

    A vulnerability was found in H3C GR-5400AX up to 100R008 and classified as critical. Affected by this issue is the function EditWlanMacList of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack ma... Read more

    Affected Products : gr-5400ax_firmware gr-5400ax
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5155

    A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql injection. The atta... Read more

    Affected Products : foxcms foxcms
    • Published: May. 25, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-5135

    A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Produ... Read more

    Affected Products : tmall_demo
    • Published: May. 24, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-5134

    A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. T... Read more

    Affected Products : tmall_demo
    • Published: May. 24, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-5133

    A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit h... Read more

    Affected Products : tmall_demo
    • Published: May. 24, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-5131

    A vulnerability was found in Tmall Demo up to 20250505. It has been declared as critical. This vulnerability affects the function uploadCategoryImage of the file tmall/admin/uploadCategoryImage. The manipulation of the argument File leads to unrestricted ... Read more

    Affected Products : tmall_demo
    • Published: May. 24, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-46176

    Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.... Read more

    • Published: May. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2024-51102

    PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters.... Read more

    Affected Products : student_management_system
    • Published: May. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-51103

    PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters.... Read more

    Affected Products : student_management_system
    • Published: May. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-51099

    A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via i... Read more

    Affected Products : medical_card_generation_system
    • Published: May. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292758 Results