Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2025-5748

    WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authenticatio... Read more

    • Published: Jun. 06, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-5749

    WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authe... Read more

    • Published: Jun. 06, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2023-50235

    Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to expl... Read more

    Affected Products : office_word office_show
    • Published: May. 03, 2024
    • Modified: Aug. 14, 2025

  • 8.8

    HIGH
    CVE-2025-5750

    WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV ... Read more

    • Published: Jun. 06, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-5751

    WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication ... Read more

    • Published: Jun. 06, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-45077

    IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is insta... Read more

    Affected Products : maximo_asset_management
    • Published: Jan. 24, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-8047

    The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license thtough v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned S3 bucket. It can be used as a backdoor by those who cont... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Supply Chain

  • 6.1

    MEDIUM
    CVE-2025-8046

    The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-7761

    Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. The vendor was con... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-6790

    The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    Affected Products : quiz_and_survey_master
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-51451

    In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-43988

    KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-3414

    The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to... Read more

    Affected Products : structured_content
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.2

    CRITICAL
    CVE-2025-34154

    UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insuffic... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2012-10060

    Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bou... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2012-10059

    Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitr... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2012-10058

    RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code executi... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2012-10057

    Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specia... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2012-10054

    Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path... Read more

    Affected Products : umbraco_cms
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2011-10015

    Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291385 Results