Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-34029

    An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authentic... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-34024

    An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can injec... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-34023

    A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files o... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-25038

    An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attac... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2025-48059

    PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polyno... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 2.0

    LOW
    CVE-2025-52937

    Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025

  • 9.1

    CRITICAL
    CVE-2025-6547

    Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-48945

    pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel ... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-52936

    Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-23049

    Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet sharing is enabled.... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2025-27387

    OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.... Read more

    Affected Products : coloros
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-2171

    Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN... Read more

    Affected Products : controller
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 6.6

    MEDIUM
    CVE-2025-2172

    Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames... Read more

    Affected Products : controller
    • Published: Jun. 23, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-34021

    A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fai... Read more

    Affected Products :
    • Published: Jun. 20, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-25908

    A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save.... Read more

    Affected Products : tianti
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-55199

    A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the ... Read more

    Affected Products : celk_saude
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-53307

    A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more

    Affected Products : maps
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-25940

    VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java.... Read more

    Affected Products : visicut
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: XML External Entity

  • 9.1

    CRITICAL
    CVE-2025-28197

    Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.... Read more

    Affected Products : crawl4ai
    • Published: Apr. 18, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.8

    MEDIUM
    CVE-2025-3795

    A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launch... Read more

    Affected Products : daicuo
    • Published: Apr. 18, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293650 Results