Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2025-28030

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-28024

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption
  • 7.3

    HIGH
    CVE-2025-28032

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the ... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption
  • 7.3

    HIGH
    CVE-2025-28033

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnera... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-28034

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command executio... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection
  • 2.9

    LOW
    CVE-2025-46656

    python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.... Read more

    Affected Products : markdownify
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service
  • 4.9

    MEDIUM
    CVE-2025-46655

    CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error i... Read more

    Affected Products : codimd
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 3.1

    LOW
    CVE-2025-46653

    Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only t... Read more

    Affected Products : formidable
    • Published: Apr. 26, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration
  • 5.3

    MEDIUM
    CVE-2025-3059

    Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
  • 6.1

    MEDIUM
    CVE-2025-31697

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS).This issue affects Formatter Suite: from 0.0.0 before 2.1.0.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-31696

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS).This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-31695

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS).This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.1

    HIGH
    CVE-2025-31694

    Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-31691

    Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-31690

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 8.1

    HIGH
    CVE-2025-31689

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.8

    MEDIUM
    CVE-2025-31688

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.1

    MEDIUM
    CVE-2025-31687

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SpamSpan filter allows Cross-Site Scripting (XSS).This issue affects SpamSpan filter: from 0.0.0 before 3.2.1.... Read more

    Affected Products : drupal
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.1

    HIGH
    CVE-2025-31686

    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.... Read more

    Affected Products : open_social
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-31685

    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.... Read more

    Affected Products : open_social
    • Published: Mar. 31, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization
Showing 20 of 291513 Results