Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2025-46629

    Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet...

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authentication
  • 7.3

    HIGH
    CVE-2025-46628

    Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. ...

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2024-28339

    An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required....

    • Published: Mar. 12, 2024
    • Modified: May. 27, 2025
  • 8.2

    HIGH
    CVE-2025-46627

    Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/oc...

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2024-28340

    An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required....

    • Published: Mar. 12, 2024
    • Modified: May. 27, 2025
  • 7.3

    HIGH
    CVE-2025-46626

    Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service....

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cryptography
  • 8.8

    HIGH
    CVE-2025-46625

    Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web reque...

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection
  • 9.0

    HIGH
    CVE-2025-3346

    A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip lead...

    Affected Products : ac7_firmware ac7
    • Published: Apr. 07, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-45514

    Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function frmL7ImForm....

    Affected Products : fh451_firmware fh451
    • Published: May. 07, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-44877

    Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request....

    Affected Products : ac9_firmware ac9
    • Published: May. 02, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-44872

    Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request....

    Affected Products : ac9_firmware ac9
    • Published: May. 02, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection
  • 8.4

    HIGH
    CVE-2023-52070

    JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of ...

    Affected Products : jfreechart
    • Published: Apr. 10, 2024
    • Modified: May. 27, 2025
  • 7.5

    HIGH
    CVE-2024-23077

    JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulne...

    Affected Products : jfreechart
    • Published: Apr. 10, 2024
    • Modified: May. 27, 2025
  • 9.1

    CRITICAL
    CVE-2024-22949

    JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a ...

    Affected Products : jfreechart
    • Published: Apr. 08, 2024
    • Modified: May. 27, 2025
  • 6.5

    MEDIUM
    CVE-2025-24225

    An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing....

    Affected Products : iphone_os ipados
    • Published: May. 12, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-24258

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges....

    Affected Products : macos
    • Published: May. 12, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-44186

    SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page....

    Affected Products : best_employee_management_system
    • Published: May. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.1

    HIGH
    CVE-2025-46635

    An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the rou...

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Misconfiguration
  • 8.2

    HIGH
    CVE-2025-46634

    Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It ...

    Affected Products : rx2_pro_firmware rx2_pro
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Authentication
  • 4.8

    MEDIUM
    CVE-2023-44853

    An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file....

    • Published: Apr. 12, 2024
    • Modified: May. 27, 2025