Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2025-22245

    VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.... Read more

    • Published: Jun. 04, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-47972

    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Race Condition

  • 4.0

    MEDIUM
    CVE-2025-53171

    Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-10950

    In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code injection caused by prompt injection. The root cause is the execution of user-provided prompts that generate untrusted code without a sandbox, allowing the ex... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 4.0

    MEDIUM
    CVE-2025-53172

    Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-53173

    Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-53174

    Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-6932

    A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of ha... Read more

    Affected Products : dcs-7517_firmware dcs-7517
    • Published: Jun. 30, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.4

    HIGH
    CVE-2025-6931

    A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulat... Read more

    • Published: Jun. 30, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-6899

    A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It i... Read more

    • Published: Jun. 30, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6898

    A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/pr... Read more

    Affected Products : di-7300g\+_firmware di-7300g\+
    • Published: Jun. 30, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6896

    A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remote... Read more

    Affected Products : di-7300g\+_firmware di-7300g\+
    • Published: Jun. 30, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-6882

    A vulnerability classified as critical has been found in D-Link DIR-513 1.0. This affects an unknown part of the file /goform/formSetWanPPTP. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely... Read more

    Affected Products : dir-513_firmware dir-513
    • Published: Jun. 30, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6617

    A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to stack-based buffer overflow. The atta... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Jun. 25, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6616

    A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Jun. 25, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6615

    A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer ... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Jun. 25, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-53175

    Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-53176

    Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2025-6793

    Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installat... Read more

    Affected Products : qconvergeconsole
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2024-12166

    The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it poss... Read more

    • Published: Dec. 07, 2024
    • Modified: Jul. 14, 2025
Showing 20 of 292721 Results