Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-25734

    An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.... Read more

    Affected Products : apollo_vx20_firmware apollo_vx20
    • Published: Mar. 27, 2024
    • Modified: May. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-25735

    An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.... Read more

    Affected Products : apollo_vx20_firmware apollo_vx20
    • Published: Mar. 27, 2024
    • Modified: May. 28, 2025

  • 7.5

    HIGH
    CVE-2024-25736

    An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.... Read more

    Affected Products : apollo_vx20_firmware apollo_vx20
    • Published: Mar. 27, 2024
    • Modified: May. 28, 2025

  • 7.8

    HIGH
    CVE-2025-2308

    A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be app... Read more

    Affected Products : hdf5
    • Published: Mar. 14, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-2309

    A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to appro... Read more

    Affected Products : hdf5
    • Published: Mar. 14, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-2310

    A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The ex... Read more

    Affected Products : hdf5
    • Published: Mar. 14, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2024-25423

    An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file.... Read more

    Affected Products : cinema_4d
    • Published: Feb. 22, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2023-31634

    In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations.... Read more

    Affected Products : teslamate teslamate
    • Published: Mar. 27, 2024
    • Modified: May. 28, 2025

  • 6.5

    MEDIUM
    CVE-2025-25225

    A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.... Read more

    Affected Products : hikashop
    • Published: Mar. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-3479

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user contro... Read more

    Affected Products : forminator forminator_forms
    • Published: Apr. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-48419

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of the... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025

  • 8.8

    HIGH
    CVE-2024-48416

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025

  • 5.2

    MEDIUM
    CVE-2024-48417

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-48418

    In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-48420

    Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.... Read more

    Affected Products : br-6476ac_firmware br-6476ac
    • Published: Jan. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-28146

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel... Read more

    Affected Products : br-6478ac_v3_firmware br-6478ac_v3
    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-3487

    The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and out... Read more

    Affected Products : forminator forminator_forms
    • Published: Apr. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-24577

    Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.0.... Read more

    Affected Products : poll_maker
    • Published: Apr. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-57768

    JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.... Read more

    Affected Products : jfinaloa
    • Published: Jan. 16, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-2162

    The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 18, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293344 Results