Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2025-26645

    Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
  • 5.3

    MEDIUM
    CVE-2023-28290

    Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability

    Affected Products : remote_desktop remote_desktop_app
    • Published: May. 09, 2023
    • Modified: Jul. 07, 2025
  • 8.8

    HIGH
    CVE-2024-6040

    In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /s...

    • Published: Aug. 01, 2024
    • Modified: Jul. 07, 2025
  • 6.4

    MEDIUM
    CVE-2025-6538

    The Post Rating and Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authe...

    Affected Products : post_rating_and_review
    • Published: Jun. 26, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-2040

    A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special element...

    Affected Products : ruoyi-vue-pro ruoyi-vue-pro
    • Published: Mar. 06, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection
  • 9.0

    CRITICAL
    CVE-2025-26206

    Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component

    Affected Products : storefront
    • Published: Mar. 03, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.3

    MEDIUM
    CVE-2025-26849

    There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules.

    Affected Products : docusnap
    • Published: Mar. 04, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cryptography
  • 6.5

    MEDIUM
    CVE-2025-26320

    t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping.

    Affected Products : broadlinkmanager
    • Published: Mar. 04, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Injection
  • 3.3

    LOW
    CVE-2024-56467

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 06, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-32715

    Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

    • Published: Jun. 10, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure
  • 3.3

    LOW
    CVE-2024-56493

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure
  • 8.0

    HIGH
    CVE-2025-27487

    Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.

    • Published: Apr. 08, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption
  • 3.3

    LOW
    CVE-2025-0900

    PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl...

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure
  • 3.3

    LOW
    CVE-2024-56494

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure
  • 3.3

    LOW
    CVE-2024-56495

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure
  • 3.3

    LOW
    CVE-2024-56496

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2022-40847

    In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.

    Affected Products : w15e_firmware w15e ac1200_v-w15ev2
    • Published: Nov. 15, 2022
    • Modified: Jul. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-40845

    The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose s...

    Affected Products : w15e_firmware w15e ac1200_v-w15ev2
    • Published: Nov. 15, 2022
    • Modified: Jul. 07, 2025
  • 4.9

    MEDIUM
    CVE-2022-40843

    The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.

    Affected Products : w15e_firmware w15e ac1200_v-w15ev2
    • Published: Nov. 15, 2022
    • Modified: Jul. 07, 2025
  • 7.8

    HIGH
    CVE-2022-42053

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function.

    Affected Products : w15e_firmware w15e ac1200_v-w15ev2
    • Published: Nov. 15, 2022
    • Modified: Jul. 07, 2025
Showing 20 of 293634 Results