Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-41435

    YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.

    Affected Products : yugabytedb
    • Published: Sep. 03, 2024
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2024-41436

    ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.

    Affected Products : clickhouse
    • Published: Sep. 03, 2024
    • Modified: Jul. 03, 2025
  • 7.8

    HIGH
    CVE-2025-26639

    Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

    • Published: Apr. 08, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2024-42885

    SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.

    Affected Products : cdg
    • Published: Sep. 05, 2024
    • Modified: Jul. 03, 2025
  • 6.3

    MEDIUM
    CVE-2024-42759

    An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.

    Affected Products : ellevo
    • Published: Sep. 09, 2024
    • Modified: Jul. 03, 2025
  • 6.1

    MEDIUM
    CVE-2024-44085

    ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 ...

    Affected Products : onlyoffice
    • Published: Sep. 09, 2024
    • Modified: Jul. 03, 2025
  • 8.8

    HIGH
    CVE-2023-37229

    Loftware Spectrum before 5.1 allows SSRF.

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: Jul. 03, 2025
  • 9.8

    CRITICAL
    CVE-2025-39499

    Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0.

    Affected Products :
    • Published: May. 23, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-34198

    TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTT...

    Affected Products : a3002ru_firmware a3002ru
    • Published: Aug. 28, 2024
    • Modified: Jul. 03, 2025
  • 7.4

    HIGH
    CVE-2025-21399

    Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability...

    • Published: Jan. 17, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-47561

    Incorrect Privilege Assignment vulnerability in PT Norther Lights Production MapSVG allows Privilege Escalation. This issue affects MapSVG: from n/a before 8.6.13.

    Affected Products : mapsvg
    • Published: Jun. 09, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 5.0

    MEDIUM
    CVE-2025-47560

    Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG: from n/a before 8.6.13.

    Affected Products : mapsvg
    • Published: May. 16, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-47558

    Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a before 8.6.13.

    Affected Products : mapsvg
    • Published: May. 23, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 0.0

    NA
    CVE-2025-38089

    In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet...

    Affected Products : linux_kernel
    • Published: Jun. 30, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2022-40916

    Tiny File Manager v2.4.7 and below is vulnerable to session fixation.

    Affected Products : tiny_file_manager
    • Published: Feb. 06, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 4.8

    MEDIUM
    CVE-2024-57599

    Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...

    Affected Products : douphp
    • Published: Feb. 06, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-55215

    An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register.

    Affected Products : trojan
    • Published: Feb. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 8.0

    HIGH
    CVE-2024-57357

    An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.

    Affected Products : tl-wpa8630_firmware tl-wpa8630
    • Published: Feb. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-1186

    A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initi...

    Affected Products : xunruicms
    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2025-25205

    Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attacker...

    Affected Products : audiobookshelf
    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
Showing 20 of 293651 Results