Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-11612

    7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability b...

    Affected Products : 7-zip
    • Published: Nov. 22, 2024
    • Modified: Aug. 07, 2025
  • 8.8

    HIGH
    CVE-2025-44957

    Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-44650

    In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.

    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-44655

    In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal n...

    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
  • 3.9

    LOW
    CVE-2025-44657

    In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for i...

    Affected Products : ea6350_firmware ea6350
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-44658

    In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tr...

    Affected Products : rax30_firmware rax30
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-44651

    In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected.

    Affected Products : tpl-430ap_firmware tpl-430ap
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
  • 7.3

    HIGH
    CVE-2025-44647

    In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline att...

    Affected Products : tew-wlc100p_firmware tew-wlc100p
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-44954

    RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.

    • Published: Aug. 04, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2025-0412

    Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit ...

    Affected Products : keyshot keyshot_viewer
    • Published: Jan. 13, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-51045

    Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user input for the username parameter.

    Affected Products : pre-school_enrollment_system
    • Published: Jul. 29, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-51044

    phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the "govtissuedid" parameter.

    • Published: Jul. 29, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2023-42114

    Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The...

    Affected Products : exim
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025
  • 5.4

    MEDIUM
    CVE-2024-38277

    A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.

    Affected Products : moodle fedora
    • Published: Jun. 18, 2024
    • Modified: Aug. 07, 2025
  • 6.1

    MEDIUM
    CVE-2024-38274

    Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.

    Affected Products : moodle fedora
    • Published: Jun. 18, 2024
    • Modified: Aug. 07, 2025
  • 7.2

    HIGH
    CVE-2024-23115

    Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific fl...

    Affected Products : centreon centreon_web
    • Published: Apr. 01, 2024
    • Modified: Aug. 07, 2025
  • 7.2

    HIGH
    CVE-2024-23116

    Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specif...

    Affected Products : centreon centreon_web
    • Published: Apr. 01, 2024
    • Modified: Aug. 07, 2025
  • 7.2

    HIGH
    CVE-2024-23117

    Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. ...

    Affected Products : centreon centreon_web
    • Published: Apr. 01, 2024
    • Modified: Aug. 07, 2025
  • 7.2

    HIGH
    CVE-2024-23118

    Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. Th...

    Affected Products : centreon centreon_web
    • Published: Apr. 01, 2024
    • Modified: Aug. 07, 2025
  • 8.8

    HIGH
    CVE-2024-23119

    Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The spec...

    Affected Products : centreon centreon_web
    • Published: Apr. 01, 2024
    • Modified: Aug. 07, 2025
Showing 20 of 291316 Results