Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-54454

    Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-0686

    A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integ... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-0685

    A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A mal... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-0684

    A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-25214

    A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution.... Read more

    Affected Products : avideo
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-51089

    Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.The manipulation of the argument `mac` leads to heap-based buffer overflow.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2023-50677

    An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component.... Read more

    Affected Products : dgnd4000_firmware dgnd4000
    • Published: Mar. 14, 2024
    • Modified: Jul. 28, 2025

  • 5.3

    MEDIUM
    CVE-2025-51088

    Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-51087

    Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-51085

    Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-51082

    Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/fast_setting_wifi_set. The manipulation of the argument `timeZone` leads to stack-based buffer overflow.... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-50481

    A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.... Read more

    Affected Products : mezzanine
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-54448

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-54447

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-54446

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-5835

    The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attacker... Read more

    Affected Products : droip
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-5831

    The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Sub... Read more

    Affected Products : droip
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-3614

    The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escapin... Read more

    Affected Products : elementskit_elementor_addons
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-8115

    A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument regi... Read more

    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2021-41561

    Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.... Read more

    Affected Products : parquet-mr parquet parquet_java
    • Published: Dec. 20, 2021
    • Modified: Jul. 28, 2025
Showing 20 of 293298 Results