Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2023-37229

    Loftware Spectrum before 5.1 allows SSRF.

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: Jul. 03, 2025
  • 9.8

    CRITICAL
    CVE-2025-39499

    Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0.

    • Published: May. 23, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-34198

    TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTT...

    Affected Products : a3002ru_firmware a3002ru
    • Published: Aug. 28, 2024
    • Modified: Jul. 03, 2025
  • 7.4

    HIGH
    CVE-2025-21399

    Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

    • Published: Jan. 17, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-47561

    Incorrect Privilege Assignment vulnerability in PT Norther Lights Production MapSVG allows Privilege Escalation. This issue affects MapSVG: from n/a before 8.6.13.

    Affected Products : mapsvg
    • Published: Jun. 09, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 5.0

    MEDIUM
    CVE-2025-47560

    Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG: from n/a before 8.6.13.

    Affected Products : mapsvg
    • Published: May. 16, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-47558

    Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a before 8.6.13.

    Affected Products : mapsvg
    • Published: May. 23, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 0.0

    NA
    CVE-2025-38089

    In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet...

    Affected Products : linux_kernel
    • Published: Jun. 30, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2022-40916

    Tiny File Manager v2.4.7 and below is vulnerable to session fixation.

    Affected Products : tiny_file_manager
    • Published: Feb. 06, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 4.8

    MEDIUM
    CVE-2024-57599

    Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...

    Affected Products : douphp
    • Published: Feb. 06, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-55215

    An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register.

    Affected Products : trojan
    • Published: Feb. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 8.0

    HIGH
    CVE-2024-57357

    An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.

    Affected Products : tl-wpa8630_firmware tl-wpa8630
    • Published: Feb. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-1186

    A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initi...

    Affected Products : xunruicms
    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2025-25205

    Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attacker...

    Affected Products : audiobookshelf
    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 6.1

    MEDIUM
    CVE-2024-54792

    A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, editin...

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.1

    CRITICAL
    CVE-2024-54794

    The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-54795

    SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function.

    Affected Products : spagobi
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2024-24420

    A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

    Affected Products : magma
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2024-24421

    A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet.

    Affected Products : magma
    • Published: Jan. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-24717

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4.

    Affected Products : modal_window
    • Published: Jan. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293645 Results