Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 0.0

    NONE
    CVE-2025-45842

    TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.

    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2025-45841

    TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.

    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2025-43926

    An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values a...

    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2023-51328

    PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters.

    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2023-51295

    PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.

    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2025-45820

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php.

    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2025-45819

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php.

    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2025-45818

    Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php.

    • Published: May. 08, 2025
    • Modified: May. 08, 2025
  • 7.5

    CVSS31
    CVE-2025-41433

    When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. ...

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 6.0

    CVSS31
    CVE-2025-43878

    When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Soft...

    Affected Products : f5os-a
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 7.5

    CVSS31
    CVE-2025-41431

    When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Techni...

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 8.8

    CVSS31
    CVE-2025-46265

    On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evalu...

    Affected Products : f5os-a
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 8.1

    CVSS31
    CVE-2025-36546

    On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerabil...

    Affected Products : f5os-a
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 7.5

    CVSS31
    CVE-2025-41414

    When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 7.5

    CVSS31
    CVE-2025-36557

    When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS)...

    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 7.5

    CVSS31
    CVE-2025-36504

    When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 8.7

    CVSS31
    CVE-2025-31644

    When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands...

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 7.5

    CVSS31
    CVE-2025-35995

    When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note:...

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 6.2

    CVSS31
    CVE-2025-31177

    gnuplot is affected by a heap buffer overflow at function utf8_copy_one.

    Affected Products : gnuplot
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
  • 0.0

    NONE
    CVE-2025-37809

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers...

    Affected Products : linux_kernel
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
Showing 20 of 283 Results
© cvefeed.io
Latest DB Update: May. 09, 2025 20:55