Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-39603

    A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticate... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2024-39604

    A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigge... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2024-39608

    A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerabili... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2024-39754

    A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.... Read more

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2018-25032

    zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.... Read more

    • Published: Mar. 25, 2022
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-5309

    The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.... Read more

    • Published: Jun. 16, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1113

    A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be in... Read more

    Affected Products : tarzan-cms
    • Published: Feb. 07, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-6035

    A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating... Read more

    Affected Products : enterprise_linux gimp
    • Published: Jun. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-48807

    Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-1759

    IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.... Read more

    Affected Products : concert
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-49827

    IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering.... Read more

    Affected Products : concert
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure

  • 6.2

    MEDIUM
    CVE-2025-43201

    This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.... Read more

    Affected Products : music_classical
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-8996

    Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0.... Read more

    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-8995

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4.... Read more

    Affected Products : authenticator_login
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-8675

    Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6.... Read more

    Affected Products : ai_seo_link_advisor
    • Published: Aug. 15, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-53817

    7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the iss... Read more

    Affected Products : 7-zip
    • Published: Jul. 17, 2025
    • Modified: Aug. 21, 2025

  • 7.5

    HIGH
    CVE-2025-53816

    7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.... Read more

    Affected Products : 7-zip
    • Published: Jul. 17, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-42490

    authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this are /api/v3/crypto/certificatekeypairs/<uuid>/view_certificate/, /api/v3/cr... Read more

    Affected Products : authentik
    • Published: Aug. 22, 2024
    • Modified: Aug. 21, 2025

  • 9.0

    CRITICAL
    CVE-2024-47070

    authentik is an open-source identity provider. A vulnerability that exists in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login by adding X-Forwarded-For header with an unparsable IP address, e.g. `a`. This results in a possibility o... Read more

    Affected Products : authentik
    • Published: Sep. 27, 2024
    • Modified: Aug. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-47077

    authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an ... Read more

    Affected Products : authentik
    • Published: Sep. 27, 2024
    • Modified: Aug. 21, 2025
Showing 20 of 292802 Results