Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-24977

    OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations` can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server side sec... Read more

    Affected Products : opencti
    • Published: May. 05, 2025
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-45805

    OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate acces... Read more

    Affected Products : opencti
    • Published: Dec. 26, 2024
    • Modified: May. 22, 2025

  • 8.2

    HIGH
    CVE-2024-37155

    OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitesp... Read more

    Affected Products : opencti
    • Published: Nov. 18, 2024
    • Modified: May. 22, 2025

  • 6.3

    MEDIUM
    CVE-2025-44854

    TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : cp900_firmware cp900
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44847

    TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca600-poe_firmware ca600-poe
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44846

    TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca600-poe_firmware ca600-poe
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44845

    TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca600-poe_firmware ca600-poe
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44844

    TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca600-poe_firmware ca600-poe
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44843

    TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca600-poe_firmware ca600-poe
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44842

    TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca600-poe_firmware ca600-poe
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44841

    TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca600-poe_firmware ca600-poe
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44840

    TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the svn parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca600-poe_firmware ca600-poe
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44839

    TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca600-poe_firmware ca600-poe
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44838

    TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : cp900_firmware cp900
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44837

    TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a cra... Read more

    Affected Products : cp900_firmware cp900
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44836

    TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted reque... Read more

    Affected Products : cp900_firmware cp900
    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2022-41343

    registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.... Read more

    Affected Products : dompdf
    • EPSS Score: %65.12
    • Published: Sep. 25, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2022-41340

    The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.... Read more

    Affected Products : secp256k1-js
    • EPSS Score: %0.05
    • Published: Sep. 24, 2022
    • Modified: May. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-40748

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more

    • EPSS Score: %0.14
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 6.1

    MEDIUM
    CVE-2022-40359

    Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php.... Read more

    Affected Products : kfm
    • EPSS Score: %6.66
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
Showing 20 of 292762 Results