Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-7840

    A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=reserve of the component Reserve Your Seat Page. The manipulation of t... Read more

    • Published: Jul. 19, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-7905

    A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attac... Read more

    Affected Products : insurance_management_system
    • Published: Jul. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7904

    A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part of the file /insertNominee.php. The manipulation of the argument nominee_id leads to sql injection. It is possible t... Read more

    Affected Products : insurance_management_system
    • Published: Jul. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7862

    A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument ... Read more

    Affected Products : t6_firmware t6
    • Published: Jul. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authentication

  • 9.0

    HIGH
    CVE-2025-7855

    A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack c... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 19, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7854

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the ... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 19, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7853

    A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be ini... Read more

    Affected Products : fh451_firmware fh451
    • Published: Jul. 19, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-20258

    A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could... Read more

    • Published: May. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7952

    A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can b... Read more

    Affected Products : t6_firmware t6
    • Published: Jul. 22, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7933

    A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/settings_update.php of the component Setting Handler. The manipulation of the argument ID leads to sql... Read more

    Affected Products : sales_and_inventory_system
    • Published: Jul. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-7914

    A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Jul. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-54313

    eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.... Read more

    Affected Products :
    • Published: Jul. 19, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Supply Chain

  • 4.0

    MEDIUM
    CVE-2025-52924

    In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header.... Read more

    Affected Products :
    • Published: Jul. 19, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-7913

    A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to... Read more

    Affected Products : t6_firmware t6
    • Published: Jul. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-46001

    An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-20168

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is ... Read more

    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-20167

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is ... Read more

    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-7912

    A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The atta... Read more

    Affected Products : t6_firmware t6
    • Published: Jul. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-48887

    A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request... Read more

    Affected Products : fortiswitch fortiswitch
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-22855

    An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.... Read more

    Affected Products : forticlientems
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292761 Results