Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-45800

    TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter.... Read more

    Affected Products : a950rg_firmware a950rg
    • Published: May. 02, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44900

    In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow.... Read more

    Affected Products : rx3_firmware rx3
    • Published: May. 06, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44899

    There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow.... Read more

    Affected Products : rx3_firmware rx3
    • Published: May. 06, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-36650

    TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buf... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Jun. 11, 2024
    • Modified: Jun. 04, 2025

  • 8.6

    HIGH
    CVE-2025-21480

    Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.... Read more

    • Actively Exploited
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2023-34302

    Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to e... Read more

    Affected Products : cobalt
    • Published: May. 03, 2024
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2025-27038

    Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.... Read more

    • Actively Exploited
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-32674

    Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.... Read more

    Affected Products : social_login
    • Published: May. 08, 2024
    • Modified: Jun. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-27731

    Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.... Read more

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-27730

    Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.... Read more

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Jun. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-27728

    Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature.... Read more

    Affected Products : friendica
    • Published: Aug. 15, 2024
    • Modified: Jun. 04, 2025

  • 8.4

    HIGH
    CVE-2024-46278

    Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.... Read more

    Affected Products : teedy
    • Published: Oct. 07, 2024
    • Modified: Jun. 04, 2025

  • 6.5

    MEDIUM
    CVE-2023-32167

    D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploi... Read more

    Affected Products : d-view_8
    • Published: May. 03, 2024
    • Modified: Jun. 04, 2025

  • 5.7

    MEDIUM
    CVE-2024-52711

    DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow In the ip_position_asp function via the ip parameter.... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Nov. 19, 2024
    • Modified: Jun. 04, 2025

  • 8.0

    HIGH
    CVE-2024-39963

    AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform... Read more

    Affected Products : ax12_firmware ax9_firmware ax12 ax9
    • Published: Jul. 19, 2024
    • Modified: Jun. 04, 2025

  • 8.8

    HIGH
    CVE-2024-41281

    Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function.... Read more

    Affected Products : wrt54g wrt54g_firmware
    • Published: Jul. 19, 2024
    • Modified: Jun. 04, 2025

  • 6.9

    MEDIUM
    CVE-2024-8521

    A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to lau... Read more

    Affected Products : wavelog
    • Published: Sep. 07, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-8023

    A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is possible to launch the attack remotel... Read more

    Affected Products : springblade springblade
    • Published: Aug. 21, 2024
    • Modified: Jun. 04, 2025

  • 8.8

    HIGH
    CVE-2024-13244

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3.... Read more

    Affected Products : migrate_tools
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2024-41726

    Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can log in to the PC where the product's Windows client is installed.... Read more

    Affected Products : skysea_client_view
    • Published: Jul. 29, 2024
    • Modified: Jun. 04, 2025
Showing 20 of 293363 Results