Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-20689

    In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418048; Is... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025

  • 5.5

    MEDIUM
    CVE-2025-20690

    In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418038; Is... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-20691

    In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418039; Is... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-20692

    In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418040; Is... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-20693

    In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android openwrt yocto mt6835 mt6878 mt6886 mt6897 mt6985 mt6989 mt6990 +16 more products
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-28229

    Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges.... Read more

    Affected Products : optimod_5950_firmware optimod_5950
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-7158

    A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-normal-ticket.php. The manipulation of the argument ID leads to sql i... Read more

    Affected Products : zoo_management_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7159

    A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage-animals.php. The manipulation of the argument ID leads to sql injection. The a... Read more

    Affected Products : zoo_management_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-28230

    Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials.... Read more

    Affected Products : jmb0150_firmware jmb0150
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-7160

    A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. This affects an unknown part of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the atta... Read more

    Affected Products : zoo_management_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-48466

    Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks.... Read more

    • Published: Jun. 24, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-28232

    Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication.... Read more

    Affected Products : jmb0150_firmware jmb0150
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2024-35430

    In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application.... Read more

    Affected Products : zkbio_cvsecurity
    • Published: May. 30, 2024
    • Modified: Jul. 09, 2025

  • 6.1

    MEDIUM
    CVE-2012-4898

    Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key... Read more

    • EPSS Score: %0.25
    • Published: Dec. 18, 2012
    • Modified: Jul. 09, 2025

  • 7.8

    HIGH
    CVE-2025-29625

    A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function.... Read more

    Affected Products : astrolog
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29953

    Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deseriali... Read more

    Affected Products : activemq_nms_openwire
    • Published: Apr. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-2214

    A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the ar... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 12, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-45797

    LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme ... Read more

    Affected Products : libhtp
    • Published: Oct. 16, 2024
    • Modified: Jul. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-51576

    Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025

  • 7.8

    HIGH
    CVE-2023-51577

    Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain... Read more

    Affected Products : viewpower
    • Published: May. 03, 2024
    • Modified: Jul. 09, 2025
Showing 20 of 291946 Results