Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2021-43980

    The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18... Read more

    Affected Products : debian_linux tomcat
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2021-41433

    SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.... Read more

    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 4.7

    MEDIUM
    CVE-2021-27862

    Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).... Read more

    Affected Products : ieee_802.2 p802.1q
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 4.7

    MEDIUM
    CVE-2021-27861

    Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)... Read more

    Affected Products : ieee_802.2 p802.1q
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 4.7

    MEDIUM
    CVE-2021-27854

    Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.... Read more

    Affected Products : ieee_802.2 p802.1q
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 4.6

    MEDIUM
    CVE-2025-26091

    A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'name' parameter whe... Read more

    Affected Products : team_password_manager
    • Published: Mar. 04, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-33072

    Improper access control in Azure allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: May. 08, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2024-44674

    D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src.... Read more

    Affected Products : covr-2600r_firmware covr-2600r
    • Published: Oct. 07, 2024
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-47732

    Microsoft Dataverse Remote Code Execution Vulnerability... Read more

    Affected Products : dataverse
    • Published: May. 08, 2025
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2024-44589

    Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code.... Read more

    Affected Products : dcs-960l_firmware dcs-960l
    • Published: Sep. 18, 2024
    • Modified: May. 21, 2025

  • 9.1

    CRITICAL
    CVE-2025-47733

    Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network... Read more

    Affected Products : power_apps
    • Published: May. 08, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-33774

    A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: May. 14, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-33773

    A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."... Read more

    • Published: May. 14, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-33772

    A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime."... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: May. 14, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-33771

    A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage."... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: May. 14, 2024
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-4773

    A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/level.php. The manipulation of the argument level leads to sql injection. The attack... Read more

    Affected Products : online_course_registration
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4777

    A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been classified as critical. This affects an unknown part of the file /view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is po... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-39481

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer allows Blind SQL Injection. This issue affects Eventer: from n/a through 3.9.6.... Read more

    Affected Products : eventer
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4771

    A vulnerability, which was classified as critical, was found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/course.php. The manipulation of the argument coursecode leads to sql injection. It is possible to... Read more

    Affected Products : online_course_registration
    • Published: May. 16, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-45746

    In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only ac... Read more

    Affected Products : zkbio_cvsecurity
    • Published: May. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication
Showing 20 of 293288 Results