Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-4834

    A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been classified as critical. Affected is an unknown function of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the arg... Read more

    • Published: May. 17, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4835

    A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlanRedirect of the component HTTP POST Request Hand... Read more

    • Published: May. 17, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4826

    A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The ma... Read more

    • Published: May. 17, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4825

    A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument s... Read more

    • Published: May. 17, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4824

    A vulnerability classified as critical has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-... Read more

    • Published: May. 17, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4823

    A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The... Read more

    • Published: May. 17, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-25502

    Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component.... Read more

    Affected Products : flusity
    • Published: Feb. 15, 2024
    • Modified: May. 23, 2025

  • 6.1

    MEDIUM
    CVE-2024-25166

    Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file.... Read more

    Affected Products : 71cms
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 9.8

    CRITICAL
    CVE-2023-41506

    An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 9.8

    CRITICAL
    CVE-2024-25400

    Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, an... Read more

    Affected Products : subrion
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 7.5

    HIGH
    CVE-2024-27508

    Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.... Read more

    Affected Products : atheme
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 7.5

    HIGH
    CVE-2024-25840

    In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.... Read more

    Affected Products : account_manager
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 5.9

    MEDIUM
    CVE-2024-25841

    In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection.... Read more

    Affected Products : so_flexibilite
    • Published: Feb. 27, 2024
    • Modified: May. 23, 2025

  • 5.3

    MEDIUM
    CVE-2024-26458

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.... Read more

    • Published: Feb. 29, 2024
    • Modified: May. 23, 2025

  • 6.5

    MEDIUM
    CVE-2024-53354

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/management/findfilterlist; the (2) user or (3) filter para... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2023-51773

    BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.... Read more

    Affected Products : bacnet_protocol_stack bacnet_stack
    • Published: Feb. 29, 2024
    • Modified: May. 23, 2025

  • 8.8

    HIGH
    CVE-2024-53355

    Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatea... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-53356

    Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret pose... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-26461

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.... Read more

    • Published: Feb. 29, 2024
    • Modified: May. 23, 2025

  • 6.4

    MEDIUM
    CVE-2025-0804

    The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input saniti... Read more

    Affected Products : clickwhale
    • Published: Jan. 29, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292764 Results