Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-4896

    A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack ... Read more

    Affected Products : ac10_firmware ac10
    • Published: May. 18, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4897

    A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/multimodalAdd of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is... Read more

    Affected Products : a15_firmware a15
    • Published: May. 18, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-4903

    A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipula... Read more

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 19, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-4904

    A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initi... Read more

    Affected Products : di-7003g_firmware di-7003g
    • Published: May. 19, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2020-14593

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated a... Read more

    • Published: Jul. 15, 2020
    • Modified: May. 27, 2025

  • 8.3

    HIGH
    CVE-2020-14583

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthen... Read more

    • Published: Jul. 15, 2020
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2023-40491

    Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerabil... Read more

    Affected Products : cinema_4d cinema_4d
    • Published: May. 03, 2024
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37644

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.... Read more

    Affected Products : tew-814dap_firmware tew-814dap
    • Published: Jun. 14, 2024
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37641

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule... Read more

    Affected Products : tew-814dap_firmware tew-814dap
    • Published: Jun. 14, 2024
    • Modified: May. 27, 2025

  • 9.1

    CRITICAL
    CVE-2024-37642

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck .... Read more

    Affected Products : tew-814dap_firmware tew-814dap
    • Published: Jun. 14, 2024
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37643

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth .... Read more

    Affected Products : tew-814dap_firmware tew-814dap
    • Published: Jun. 14, 2024
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2024-37645

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog .... Read more

    Affected Products : tew-814dap_firmware tew-814dap
    • Published: Jun. 14, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-38902

    H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.... Read more

    Affected Products : magic_r230_firmware magic_r230
    • Published: Jun. 24, 2024
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2024-31374

    Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. ... Read more

    Affected Products : apppresser
    • Published: Apr. 15, 2024
    • Modified: May. 27, 2025

  • 4.1

    MEDIUM
    CVE-2024-38903

    H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.... Read more

    Affected Products : magic_r230_firmware magic_r230
    • Published: Jun. 24, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2024-42637

    H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.... Read more

    Affected Products : r3010_firmware r3010
    • Published: Aug. 16, 2024
    • Modified: May. 27, 2025

  • 8.0

    HIGH
    CVE-2025-5100

    A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2025-26466

    A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client m... Read more

    • Published: Feb. 28, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2023-50456

    An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name.... Read more

    Affected Products : zammad
    • Published: Dec. 10, 2023
    • Modified: May. 27, 2025

  • 5.4

    MEDIUM
    CVE-2023-49485

    JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.... Read more

    Affected Products : jfinalcms
    • Published: Dec. 08, 2023
    • Modified: May. 27, 2025
Showing 20 of 292913 Results