Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-37860

    In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; conseq... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2023-52511

    In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: reduce DMA RX transfer width to single byte Through empirical testing it has been determined that sometimes RX SPI transfers with DMA enabled return corrupted data. This is ... Read more

    Affected Products : linux_kernel
    • Published: Mar. 02, 2024
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2025-37893

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix off-by-one error in build_prologue() Vincent reported that running BPF progs with tailcalls on LoongArch causes kernel hard lockup. Debugging the issues shows that t... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-25916

    wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.... Read more

    Affected Products : wuzhicms
    • Published: Feb. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2022-48627

    In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Mar. 02, 2024
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2025-1961

    A vulnerability has been found in SourceCodester Best Church Management Software 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/web_crud.php. The manipulation of the argument encryption le... Read more

    Affected Products : best_church_management_software
    • Published: Mar. 04, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-56195

    Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.... Read more

    Affected Products : traffic_server
    • Published: Mar. 06, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-56202

    Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the is... Read more

    Affected Products : traffic_server
    • Published: Mar. 06, 2025
    • Modified: Apr. 29, 2025

  • 9.1

    CRITICAL
    CVE-2024-37407

    Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.... Read more

    Affected Products : libarchive
    • Published: Jun. 08, 2024
    • Modified: Apr. 29, 2025

  • 6.3

    MEDIUM
    CVE-2024-38311

    Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, whi... Read more

    Affected Products : traffic_server
    • Published: Mar. 06, 2025
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2023-52627

    In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio event... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Mar. 26, 2024
    • Modified: Apr. 29, 2025

  • 6.0

    MEDIUM
    CVE-2024-26843

    In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size md_size will have been narrowed if we have >= 4GB worth of pages in a soft-reserved region.... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Apr. 17, 2024
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-29209

    TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.... Read more

    Affected Products : x18_firmware x18
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-28137

    The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-28136

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29064

    An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi.... Read more

    Affected Products : x18_firmware x18
    • Published: Apr. 03, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-25524

    Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote t... Read more

    Affected Products : x6000r_firmware x6000r
    • Published: Feb. 11, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2024-57036

    TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Jan. 21, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-28031

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini.... Read more

    Affected Products : a810r_firmware
    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-28030

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291216 Results