Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2025-4782

    A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /sms/admin/?page=receiving/view_receiving&id=1. The manipulation of the argument ID lead...

    Affected Products : stock_management_system
    • Published: May. 16, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-47688

    Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1....

    Affected Products : advanced_file_manager
    • Published: May. 07, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization
  • 9.0

    HIGH
    CVE-2025-4462

    A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack ma...

    Affected Products : n150rt_firmware n150rt
    • Published: May. 09, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption
  • 5.4

    MEDIUM
    CVE-2025-4461

    A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The...

    Affected Products : n150rt_firmware n150rt
    • Published: May. 09, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-4460

    A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. ...

    Affected Products : n150rt_firmware n150rt
    • Published: May. 09, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-47612

    Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ClickWhale: from n/a through 2.4.6....

    Affected Products : clickwhale
    • Published: May. 07, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2024-51547

    Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*....

    • Published: Feb. 06, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication
  • 8.7

    HIGH
    CVE-2025-4008

    The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is ...

    • Published: May. 21, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2015-7848

    An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When...

    • Published: Jan. 06, 2017
    • Modified: May. 23, 2025
  • 9.8

    CRITICAL
    CVE-2024-36761

    naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs....

    Affected Products : naga wgpu
    • Published: Jun. 12, 2024
    • Modified: May. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-40864

    Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet...

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 9.8

    CRITICAL
    CVE-2022-40862

    Tenda AC15 and AC18 routers V15.03.05.19 contain a stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting...

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 9.8

    CRITICAL
    CVE-2022-40860

    Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList...

    Affected Products : ac15_firmware ac15
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 9.8

    CRITICAL
    CVE-2022-40853

    Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set...

    Affected Products : ac15_firmware ac15
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 7.2

    HIGH
    CVE-2022-40093

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php....

    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 7.2

    HIGH
    CVE-2022-40092

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php....

    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 7.2

    HIGH
    CVE-2022-40091

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php....

    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 7.8

    HIGH
    CVE-2022-35257

    A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM....

    Affected Products : desktop
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 5.5

    MEDIUM
    CVE-2022-35097

    SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc....

    Affected Products : swftools
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 5.9

    MEDIUM
    CVE-2022-33681

    Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man-in-the-middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pul...

    Affected Products : pulsar
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025