Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-32375

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it... Read more

    Affected Products : bentoml
    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-33304

    SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users.... Read more

    • Published: May. 01, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-3115

    Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malici... Read more

    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2024-33306

    SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User.... Read more

    Affected Products : laboratory_management_system
    • Published: May. 01, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2025-25457

    Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-25453

    Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-25458

    Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-25456

    Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-25454

    Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-25455

    Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-3786

    A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be ... Read more

    Affected Products : ac15_firmware ac15
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29462

    A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the ... Read more

    Affected Products : ac15_firmware ac15
    • Published: Apr. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-29453

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29454

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29455

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-29456

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.... Read more

    Affected Products : personal_management_system
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-45235

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field.... Read more

    Affected Products : fort_validator
    • Published: Aug. 24, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2024-45238

    An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. Open... Read more

    Affected Products : fort_validator
    • Published: Aug. 24, 2024
    • Modified: Apr. 22, 2025

  • 5.3

    MEDIUM
    CVE-2024-56169

    A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields inc... Read more

    Affected Products : fort_validator
    • Published: Dec. 18, 2024
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2024-33307

    SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User.... Read more

    Affected Products : laboratory_management_system
    • Published: May. 01, 2024
    • Modified: Apr. 22, 2025
Showing 20 of 293644 Results