Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-4729

    A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. Th... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-4730

    A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation ... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4731

    A vulnerability classified as critical has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_typ... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4732

    A vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6ad... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4733

    A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-26468

    CyberData  011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption.... Read more

    • Published: Jun. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication

  • 9.0

    HIGH
    CVE-2025-5934

    A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The ... Read more

    Affected Products : ex3700_firmware ex3700
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-57186

    In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.... Read more

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2024-57189

    In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.... Read more

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-57190

    Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.... Read more

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-48448

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.... Read more

    Affected Products : drupal admin_audit_trail
    • Published: Jun. 11, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-6005

    A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox... Read more

    Affected Products : like-girl
    • Published: Jun. 12, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-6006

    A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injectio... Read more

    Affected Products : like-girl
    • Published: Jun. 12, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-5138

    A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launc... Read more

    Affected Products :
    • Published: May. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2023-25719

    ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded ... Read more

    Affected Products : control
    • Published: Feb. 13, 2023
    • Modified: Jun. 19, 2025

  • 9.8

    CRITICAL
    CVE-2023-25718

    In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (differen... Read more

    Affected Products : control
    • Published: Feb. 13, 2023
    • Modified: Jun. 19, 2025

  • 0.0

    NA
    CVE-2024-58077

    In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on comm... Read more

    Affected Products : linux_kernel
    • Published: Mar. 06, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-56694

    In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 28, 2024
    • Modified: Jun. 19, 2025

  • 7.8

    HIGH
    CVE-2024-46852

    In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: Don't track CMA dma-buf pages under RssFile") it was poss... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2024
    • Modified: Jun. 19, 2025

  • 5.5

    MEDIUM
    CVE-2024-45025

    In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fil... Read more

    Affected Products : linux_kernel
    • Published: Sep. 11, 2024
    • Modified: Jun. 19, 2025
Showing 20 of 293616 Results