Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-55062

    Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-53357

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updateali... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-54852

    When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various maliciou... Read more

    Affected Products : teedy
    • Published: Jan. 29, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-4810

    A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack-based b... Read more

    Affected Products : ac7_firmware ac7
    • Published: May. 16, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4809

    A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It... Read more

    Affected Products : ac7_firmware ac7
    • Published: May. 16, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4851

    A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The ... Read more

    Affected Products : n300rh_firmware n300rh
    • Published: May. 18, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-4850

    A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection. It is poss... Read more

    Affected Products : n300rh_firmware n300rh
    • Published: May. 18, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4849

    A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to command inj... Read more

    Affected Products : n300rh_firmware n300rh
    • Published: May. 18, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-45862

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 20, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45513

    Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.... Read more

    Affected Products : fh451_firmware fh451
    • Published: May. 09, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2024-26952

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2024
    • Modified: May. 23, 2025

  • 8.8

    HIGH
    CVE-2023-44466

    An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted leng... Read more

    Affected Products : linux_kernel
    • Published: Sep. 29, 2023
    • Modified: May. 23, 2025

  • 7.8

    HIGH
    CVE-2024-27018

    In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge... Read more

    Affected Products : linux_kernel fedora
    • Published: May. 01, 2024
    • Modified: May. 23, 2025

  • 7.8

    HIGH
    CVE-2022-48735

    In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix UAF of leds class devs at unbinding The LED class devices that are created by HD-audio codec drivers are registered via devm_led_classdev_register() and associated with t... Read more

    Affected Products : linux_kernel
    • Published: Jun. 20, 2024
    • Modified: May. 23, 2025

  • 7.8

    HIGH
    CVE-2024-36477

    In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of t... Read more

    Affected Products : linux_kernel
    • Published: Jun. 21, 2024
    • Modified: May. 23, 2025

  • 2.1

    LOW
    CVE-2025-22149

    JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite ... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-44176

    Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function.... Read more

    Affected Products : fh451_firmware fh451
    • Published: May. 12, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-45858

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3757

    Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.... Read more

    Affected Products : openpubkey
    • Published: May. 13, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-45863

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292821 Results