Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2025-48444

    Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0....

    Affected Products : drupal quick_node_block
    • Published: Jun. 11, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2025-48447

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0....

    Affected Products : drupal lightgallery
    • Published: Jun. 11, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.0

    HIGH
    CVE-2025-6130

    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation leads to bu...

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2025-6138

    A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g...

    Affected Products : t10_firmware t10
    • Published: Jun. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-4729

    A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. Th...

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection
  • 9.0

    HIGH
    CVE-2025-4730

    A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation ...

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2025-4731

    A vulnerability classified as critical has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_typ...

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2025-4732

    A vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6ad...

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2025-4733

    A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of...

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption
  • 8.7

    HIGH
    CVE-2025-26468

    CyberData 011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption....

    • Published: Jun. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication
  • 9.0

    HIGH
    CVE-2025-5934

    A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The ...

    Affected Products : ex3700_firmware ex3700
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption
  • 5.4

    MEDIUM
    CVE-2024-57186

    In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler....

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Path Traversal
  • 5.4

    MEDIUM
    CVE-2024-57189

    In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler....

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2024-57190

    Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint....

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-48448

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation. This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5....

    Affected Products : drupal admin_audit_trail
    • Published: Jun. 11, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service
  • 7.2

    HIGH
    CVE-2025-6005

    A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox...

    Affected Products : like-girl
    • Published: Jun. 12, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-6006

    A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injectio...

    Affected Products : like-girl
    • Published: Jun. 12, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection
  • 5.1

    MEDIUM
    CVE-2025-5138

    A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launc...

    Affected Products :
    • Published: May. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2023-25719

    ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded ...

    Affected Products : control
    • Published: Feb. 13, 2023
    • Modified: Jun. 19, 2025
  • 9.8

    CRITICAL
    CVE-2023-25718

    In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (differen...

    Affected Products : control
    • Published: Feb. 13, 2023
    • Modified: Jun. 19, 2025
Showing 20 of 293620 Results