Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 3.3

    LOW
    CVE-2025-6658

    PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl...

    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2025-6659

    PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this...

    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption
  • 4.3

    MEDIUM
    CVE-2024-40090

    Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page....

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025
  • 9.1

    CRITICAL
    CVE-2024-40089

    A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device....

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025
  • 5.3

    MEDIUM
    CVE-2024-40088

    A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any ...

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025
  • 9.6

    CRITICAL
    CVE-2024-40087

    Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router....

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025
  • 9.6

    CRITICAL
    CVE-2024-40084

    A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths....

    Affected Products : vilo_5_firmware vilo_5
    • Published: Oct. 21, 2024
    • Modified: Jul. 07, 2025
  • 7.8

    HIGH
    CVE-2025-6660

    PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to explo...

    • Published: Jun. 25, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption
  • 6.8

    MEDIUM
    CVE-2025-24988

    Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack....

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption
  • 4.9

    MEDIUM
    CVE-2024-48232

    An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request fo...

    Affected Products : mipjz
    • Published: Oct. 25, 2024
    • Modified: Jul. 07, 2025
  • 4.8

    MEDIUM
    CVE-2024-48233

    mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter....

    Affected Products : mipjz
    • Published: Oct. 25, 2024
    • Modified: Jul. 07, 2025
  • 6.8

    MEDIUM
    CVE-2025-24987

    Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack....

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-48270

    An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack....

    Affected Products : oasys
    • Published: Nov. 01, 2024
    • Modified: Jul. 07, 2025
  • 4.4

    MEDIUM
    CVE-2024-4839

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals se...

    • Published: Jun. 24, 2024
    • Modified: Jul. 07, 2025
  • 8.4

    HIGH
    CVE-2025-24084

    Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption
  • 7.3

    HIGH
    CVE-2025-24076

    Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization
  • 4.0

    MEDIUM
    CVE-2024-4841

    A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerabil...

    • Published: Jun. 23, 2024
    • Modified: Jul. 07, 2025
  • 5.4

    MEDIUM
    CVE-2021-3186

    A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter....

    Affected Products : ac1200_firmware ac5_firmware ac1200 ac5
    • Published: Jan. 26, 2021
    • Modified: Jul. 07, 2025
  • 7.8

    HIGH
    CVE-2020-28095

    On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop....

    • Published: Dec. 30, 2020
    • Modified: Jul. 07, 2025
  • 6.7

    MEDIUM
    CVE-2025-21199

    Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization
Showing 20 of 293619 Results