Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-1831

    A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument user_id leads to sql injection. It is ... Read more

    Affected Products : zz
    • Published: Mar. 02, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-1832

    A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to s... Read more

    Affected Products : zz
    • Published: Mar. 02, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-1833

    A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customer_notice/Customer_noticeAction.java of the component HTTP Requ... Read more

    Affected Products : zz
    • Published: Mar. 02, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-1834

    A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. ... Read more

    Affected Products : zz
    • Published: Mar. 02, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-37899

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind t... Read more

    Affected Products : linux_kernel
    • Published: May. 20, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2023-42926

    Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2023
    • Modified: May. 24, 2025

  • 7.5

    HIGH
    CVE-2025-2704

    OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase... Read more

    Affected Products : openvpn
    • Published: Apr. 02, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2024-13591

    The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitiz... Read more

    • Published: Feb. 19, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-13592

    The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode. This makes it possible for authenticated attacke... Read more

    • Published: Feb. 19, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2024-13402

    The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitization and output escaping. This makes it possible for aut... Read more

    Affected Products : buddyboss_platform
    • Published: Feb. 27, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12723

    The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : infility_global
    • Published: Jan. 28, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2024-57587

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to /api/auth/login.... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-55062

    Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-53357

    Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updateali... Read more

    Affected Products : co2scope dcscope
    • Published: Jan. 31, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-54852

    When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various maliciou... Read more

    Affected Products : teedy
    • Published: Jan. 29, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-4810

    A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack-based b... Read more

    Affected Products : ac7_firmware ac7
    • Published: May. 16, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4809

    A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It... Read more

    Affected Products : ac7_firmware ac7
    • Published: May. 16, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4851

    A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The ... Read more

    Affected Products : n300rh_firmware n300rh
    • Published: May. 18, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-4850

    A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection. It is poss... Read more

    Affected Products : n300rh_firmware n300rh
    • Published: May. 18, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4849

    A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to command inj... Read more

    Affected Products : n300rh_firmware n300rh
    • Published: May. 18, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection
Showing 20 of 293171 Results