Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-6302

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer ov... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 20, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6129

    A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 16, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-2499

    Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permiss... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 3.6

    LOW
    CVE-2025-2528

    Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Deskto... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-2562

    Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This is... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-5334

    Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances... Read more

    Affected Products : remote_desktop_manager
    • Published: May. 29, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 2.2

    LOW
    CVE-2024-4811

    In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Jul. 25, 2024
    • Modified: Jul. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-6972

    In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Jul. 25, 2024
    • Modified: Jul. 02, 2025

  • 2.6

    LOW
    CVE-2024-7998

    In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Aug. 21, 2024
    • Modified: Jul. 02, 2025

  • 2.6

    LOW
    CVE-2024-1656

    Affected versions of Octopus Server had a weak content security policy.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Sep. 11, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-9194

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, f... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Sep. 30, 2024
    • Modified: Jul. 02, 2025

  • 6.9

    MEDIUM
    CVE-2025-0589

    In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directo... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-0525

    In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-0513

    In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-0588

    In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would r... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-0539

    In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potenti... Read more

    Affected Products : windows octopus_server
    • Published: Apr. 10, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-0526

    In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.... Read more

    Affected Products : windows octopus_server
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-6555

    Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-6556

    Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-24042

    Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability... Read more

    Affected Products : visual_studio_code vscode-js-debug
    • Published: Feb. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication
Showing 20 of 293675 Results