Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-45864

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-45866

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-45867

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2024-46506

    NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.... Read more

    Affected Products : netalertx *
    • Published: May. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-6111

    A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. The attack ca... Read more

    Affected Products : fh1205_firmware fh1205
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6110

    A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the... Read more

    Affected Products : fh1201_firmware fh1201
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6113

    A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to launch the... Read more

    Affected Products : fh1203_firmware fh1203
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-47868

    Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RT... Read more

    Affected Products : nuttx
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-6119

    A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNo... Read more

    Affected Products : assimp
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-47869

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had har... Read more

    Affected Products : nuttx
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-6120

    A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-... Read more

    Affected Products : assimp
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2025-6121

    A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stac... Read more

    Affected Products : dir-632_firmware dir-632
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2024-35432

    ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting.... Read more

    Affected Products : zkbio_cvsecurity
    • Published: May. 30, 2024
    • Modified: Jun. 17, 2025

  • 9.1

    CRITICAL
    CVE-2025-28384

    An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.... Read more

    Affected Products : cosmos
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2024-21122

    Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access v... Read more

    • Published: Jul. 16, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2025-28382

    An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.... Read more

    Affected Products : cosmos
    • Published: Jun. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-47091

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-35431

    ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1.... Read more

    Affected Products : zkbio_cvsecurity
    • Published: May. 30, 2024
    • Modified: Jun. 17, 2025

  • 8.1

    HIGH
    CVE-2024-35433

    ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user.... Read more

    Affected Products : zkbio_cvsecurity
    • Published: May. 30, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-28000

    Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.... Read more

    Affected Products : litespeed_cache
    • Published: Aug. 21, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293602 Results