Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-6740

    The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products : contact_form_7_database_addon
    • Published: Jul. 04, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2024-46367

    A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is... Read more

    Affected Products : krayin_crm
    • Published: Sep. 27, 2024
    • Modified: Jul. 09, 2025

  • 5.5

    MEDIUM
    CVE-2025-7069

    A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the l... Read more

    Affected Products : hdf5
    • Published: Jul. 04, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7086

    A vulnerability classified as critical has been found in Belkin F9K1122 1.00.33. Affected is the function formPPTPSetup of the file /goform/formPPTPSetup of the component webs. The manipulation of the argument pptpUserName leads to stack-based buffer over... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7087

    A vulnerability classified as critical was found in Belkin F9K1122 1.00.33. Affected by this vulnerability is the function formL2TPSetup of the file /goform/formL2TPSetup of the component webs. The manipulation of the argument L2TPUserName leads to stack-... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-48921

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13.... Read more

    Affected Products : open_social
    • Published: Jun. 26, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-48922

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS).This issue affects GLightbox: from 0.0.0 before 1.0.16.... Read more

    Affected Products : glightbox
    • Published: Jun. 26, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-6937

    A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /large.php. The manipulation of the argument ID leads to sql injection. The attack can be in... Read more

    Affected Products : simple_pizza_ordering_system
    • Published: Jul. 01, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-7067

    A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approa... Read more

    Affected Products : hdf5
    • Published: Jul. 04, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-7068

    A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been discl... Read more

    Affected Products : hdf5
    • Published: Jul. 04, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-7081

    A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument m_wan_ipaddr/... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7082

    A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument wan_ipaddr/wan_netma... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7083

    A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. This affects the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to os command injection. It is possible to i... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-25427

    A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This le... Read more

    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-7084

    A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. This vulnerability affects the function formWpsStart of the file /goform/formWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-bas... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7085

    A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. This issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based ... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7088

    A vulnerability, which was classified as critical, was found in Belkin F9K1122 1.00.33. This affects the function formPPPoESetup of the file /goform/formPPPoESetup of the component webs. The manipulation of the argument pppUserName leads to stack-based bu... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7089

    A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. This issue affects the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component webs. The manipulation of the argument pppUserName leads to stack-base... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7090

    A vulnerability, which was classified as critical, has been found in Belkin F9K1122 1.00.33. Affected by this issue is the function formConnectionSetting of the file /goform/formConnectionSetting of the component webs. The manipulation of the argument max... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-7091

    A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. Affected is the function formWlanMP of the file /goform/formWlanMP of the component webs. The manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/... Read more

    Affected Products : f9k1122_firmware f9k1122
    • Published: Jul. 06, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291878 Results