Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-27190

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass secu... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Apr. 08, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-3577

    **UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by... Read more

    Affected Products : amg1302-t10b_firmware amg1302-t10b
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 9.0

    HIGH
    CVE-2025-6143

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url le... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 16, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6144

    A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 16, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6145

    A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argume... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 16, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6146

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads t... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6147

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6148

    A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submi... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6149

    A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to ... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6150

    A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument ... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-27206

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security ... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-26413

    Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is  out of range. This issu... Read more

    Affected Products : kvrocks
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-43585

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security m... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-3518

    It technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. In case the functionality i... Read more

    Affected Products : spark
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-43586

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass ... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2025-6162

    A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation o... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44022

    An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism.... Read more

    Affected Products : vvveb
    • Published: May. 12, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 9.0

    HIGH
    CVE-2025-6163

    A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argumen... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2024-21211

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Orac... Read more

    • Published: Oct. 15, 2024
    • Modified: Jun. 23, 2025

  • 9.0

    HIGH
    CVE-2025-6164

    A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url lea... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293626 Results