Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-28230

    Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials.... Read more

    Affected Products : jmb0150_firmware jmb0150
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-7160

    A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. This affects an unknown part of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the atta... Read more

    Affected Products : zoo_management_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-48466

    Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-28232

    Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication.... Read more

    Affected Products : jmb0150_firmware jmb0150
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2024-35430

    In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application.... Read more

    Affected Products : zkbio_cvsecurity
    • Published: May. 30, 2024
    • Modified: Jul. 09, 2025

  • 6.1

    MEDIUM
    CVE-2012-4898

    Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key... Read more

    • EPSS Score: %0.25
    • Published: Dec. 18, 2012
    • Modified: Jul. 09, 2025

  • 7.8

    HIGH
    CVE-2025-29625

    A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function.... Read more

    Affected Products : astrolog
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29953

    Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deseriali... Read more

    Affected Products : activemq_nms_openwire
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-2214

    A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the ar... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-45797

    LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme ... Read more

    Affected Products : libhtp
    • Published: Oct. 16, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-51576

    Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 7.8

    HIGH
    CVE-2023-51577

    Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2023-51578

    Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower. Authentication is... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 7.8

    HIGH
    CVE-2023-51579

    Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 5.7

    MEDIUM
    CVE-2023-51580

    BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User int... Read more

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2019-16640

    An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG... Read more

    Affected Products : eg-2000se_firmware eg-2000se
    • Published: Jul. 16, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2019-16639

    An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&c... Read more

    Affected Products : eg-2000se_firmware eg-2000se
    • Published: Jul. 16, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-51581

    Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not re... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-51582

    Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not ... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 8.4

    HIGH
    CVE-2019-16641

    An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EG_RGOS 11.1(1)B1.... Read more

    Affected Products : eg-2000se_firmware eg-2000se
    • Published: Jul. 16, 2024
    • Modified: Jul. 09, 2025
Showing 20 of 291878 Results