Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2024-40070

    Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-40071

    Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP f... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-40072

    Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-40073

    Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-40074

    Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'.... Read more

    Affected Products : online_id_generator_system
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-28276

    Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=.... Read more

    Affected Products : school_task_manager
    • Published: May. 14, 2024
    • Modified: Apr. 22, 2025

  • 9.4

    CRITICAL
    CVE-2024-34226

    SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters.... Read more

    Affected Products : visitor_management_system
    • Published: May. 14, 2024
    • Modified: Apr. 22, 2025

  • 4.6

    MEDIUM
    CVE-2025-22903

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-22900

    Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-3665

    A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The att... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-3664

    A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to lau... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-34230

    A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter.... Read more

    Affected Products : laboratory_management_system
    • Published: May. 14, 2024
    • Modified: Apr. 22, 2025

  • 6.9

    MEDIUM
    CVE-2025-3674

    A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. Th... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2024-34231

    A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter.... Read more

    Affected Products : laboratory_management_system
    • Published: May. 14, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-32375

    BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it... Read more

    Affected Products : bentoml
    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2024-33304

    SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users.... Read more

    • Published: May. 01, 2024
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-3115

    Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malici... Read more

    • Published: Apr. 09, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2024-33306

    SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User.... Read more

    Affected Products : laboratory_management_system
    • Published: May. 01, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2025-25457

    Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 17, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-25453

    Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 294464 Results