Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-22927

    An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-22931

    An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.... Read more

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-20950

    Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information.... Read more

    Affected Products : notes
    • Published: Apr. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-20951

    Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.... Read more

    Affected Products : galaxy_store
    • Published: Apr. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-3323

    A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is the function searchAllByName of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to sql inje... Read more

    Affected Products : nimrod
    • Published: Apr. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-2876

    The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unaut... Read more

    Affected Products : melapress_login_security
    • Published: Apr. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-26186

    SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php... Read more

    Affected Products : opensis
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-42650

    NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.... Read more

    Affected Products : nanomq
    • Published: Jul. 15, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service

  • 9.0

    HIGH
    CVE-2025-7596

    A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. ... Read more

    Affected Products : fh1205_firmware fh1205
    • Published: Jul. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7586

    A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer o... Read more

    Affected Products : ac500_firmware ac500
    • Published: Jul. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-7565

    A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password lea... Read more

    Affected Products : bl-ac3600_firmware bl-ac3600
    • Published: Jul. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-7564

    A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. L... Read more

    Affected Products : bl-ac3600_firmware bl-ac3600
    • Published: Jul. 14, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-46626

    OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.... Read more

    Affected Products : opensis
    • Published: Oct. 02, 2024
    • Modified: Jul. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-34663

    Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Oct. 08, 2024
    • Modified: Jul. 17, 2025

  • 4.1

    MEDIUM
    CVE-2024-34664

    Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.... Read more

    Affected Products : android
    • Published: Oct. 08, 2024
    • Modified: Jul. 17, 2025

  • 8.8

    HIGH
    CVE-2024-35584

    SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform S... Read more

    Affected Products : opensis opensis
    • Published: Oct. 15, 2024
    • Modified: Jul. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-51211

    SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject... Read more

    Affected Products : opensis
    • Published: Nov. 08, 2024
    • Modified: Jul. 17, 2025

  • 3.5

    LOW
    CVE-2024-51337

    Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/user_manage_editProcess.php.... Read more

    Affected Products : gibbon
    • Published: Nov. 21, 2024
    • Modified: Jul. 17, 2025

  • 8.8

    HIGH
    CVE-2024-53792

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiboko Labs Watu Quiz allows SQL Injection.This issue affects Watu Quiz: from n/a through 3.4.2.... Read more

    Affected Products : watu_quiz
    • Published: Dec. 02, 2024
    • Modified: Jul. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-49416

    Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.... Read more

    Affected Products : smartthings
    • Published: Dec. 03, 2024
    • Modified: Jul. 17, 2025
Showing 20 of 291562 Results