Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-52274

    Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50... Read more

    Affected Products : ac6_firmware ac6
    • Published: Dec. 04, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-52273

    Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50... Read more

    Affected Products : ac6_firmware ac6
    • Published: Dec. 04, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-52272

    Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50... Read more

    Affected Products : ac6_firmware ac6
    • Published: Dec. 04, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-52275

    Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Dec. 04, 2024
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-51320

    Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components... Read more

    Affected Products : ad_hoc_infinity
    • Published: Mar. 11, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2024-51321

    In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication.... Read more

    Affected Products : ad_hoc_infinity
    • Published: Mar. 11, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-25747

    Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint... Read more

    Affected Products : hoteldruid
    • Published: Mar. 11, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-3236

    A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls.... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-3237

    A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The... Read more

    Affected Products : fh1202_firmware fh1202
    • Published: Apr. 04, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-2387

    A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. I... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-0528

    A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to com... Read more

    • Published: Jan. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-2389

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_city.php. The manipulation leads to sql injection. The attack may be la... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-31214

    This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.... Read more

    Affected Products : iphone_os ipados
    • Published: May. 12, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-31215

    The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected proc... Read more

    • Published: May. 12, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-44184

    SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters.... Read more

    Affected Products : best_employee_management_system
    • Published: May. 14, 2025
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-4697

    A vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-directory.php. The manipulation of the argument editid leads to sql inject... Read more

    Affected Products : directory_management_system
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-44180

    Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit-brand.php?bid={brandId}.... Read more

    Affected Products : vehicle_record_management_system
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-44181

    Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/add-brand.php via the brandname parameter.... Read more

    Affected Products : vehicle_record_management_system
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-44182

    Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, enginenumber' in the /admin/edit-vehicle.php component. This allows attackers to execute a... Read more

    Affected Products : vehicle_record_management_system
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-44183

    Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the name, email, and mobile parameters.... Read more

    Affected Products : vehicle_record_management_system
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293425 Results