Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-44022

    An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism.

    Affected Products : vvveb
    • Published: May. 12, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication
  • 9.0

    HIGH
    CVE-2025-6163

    A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argumen...

    Affected Products : a3002ru_firmware a3002ru
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
  • 3.7

    LOW
    CVE-2024-21211

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Orac...

    • Published: Oct. 15, 2024
    • Modified: Jun. 23, 2025
  • 9.0

    HIGH
    CVE-2025-6164

    A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url lea...

    Affected Products : a3002r_firmware a3002r
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
  • 5.6

    MEDIUM
    CVE-2025-27636

    Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to versio...

    Affected Products : camel
    • Published: Mar. 09, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection
  • 9.0

    HIGH
    CVE-2025-6165

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-...

    Affected Products : x15_firmware x15
    • Published: Jun. 17, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2025-2123

    A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywo...

    Affected Products : geshi
    • Published: Mar. 09, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-2148

    A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None lead...

    Affected Products : pytorch pytorch
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
  • 2.5

    LOW
    CVE-2025-2149

    A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initializ...

    Affected Products : pytorch pytorch
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration
  • 3.5

    LOW
    CVE-2025-26865

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, ...

    Affected Products : ofbiz
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
  • 4.5

    MEDIUM
    CVE-2025-46646

    In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

    Affected Products : ghostscript
    • Published: Apr. 26, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2023-52722

    An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.

    Affected Products : ghostscript
    • Published: Apr. 28, 2024
    • Modified: Jun. 23, 2025
  • 8.8

    HIGH
    CVE-2025-25614

    Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.

    Affected Products : unifiedtransform
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization
  • 7.3

    HIGH
    CVE-2024-40445

    A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths.

    Affected Products : mimetex
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2024-40446

    An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script...

    Affected Products : mimetex
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
  • 8.8

    HIGH
    CVE-2025-5419

    Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    Affected Products : chrome edge_chromium
    • Actively Exploited
    • Published: Jun. 03, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
  • 7.3

    HIGH
    CVE-2024-46546

    NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

    Affected Products : fleta_ax1500_firmware fleta_ax1500
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service
  • 7.0

    HIGH
    CVE-2025-29547

    In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of service because of a null pointer dereference from IOCtl 0x96202000.

    Affected Products : rollback_rx_pro
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service
  • 7.7

    HIGH
    CVE-2024-33452

    An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.

    Affected Products : lua-nginx-module
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration
  • 6.1

    MEDIUM
    CVE-2023-43378

    A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento1_1 parameter.

    Affected Products : hoteldruid
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293650 Results