Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-3795

    A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launch... Read more

    Affected Products : daicuo
    • Published: Apr. 18, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-25382

    An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request.... Read more

    Affected Products : sanchaya
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-25620

    Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.... Read more

    Affected Products : unifiedtransform
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-53591

    An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.... Read more

    Affected Products : seclore
    • Published: Apr. 18, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-42733

    An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input... Read more

    Affected Products : tornado
    • Published: Mar. 07, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-27190

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass secu... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Apr. 08, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-3577

    **UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by... Read more

    Affected Products : amg1302-t10b_firmware amg1302-t10b
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 9.0

    HIGH
    CVE-2025-6143

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url le... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 16, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6144

    A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 16, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6145

    A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argume... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 16, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6146

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads t... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6147

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6148

    A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submi... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6149

    A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to ... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6150

    A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument ... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-27206

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security ... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-26413

    Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is  out of range. This issu... Read more

    Affected Products : kvrocks
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-43585

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security m... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-3518

    It technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. In case the functionality i... Read more

    Affected Products : spark
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-43586

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass ... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization
Showing 20 of 293631 Results