Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-5909

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to b... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5910

    A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5911

    A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to b... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5912

    A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be in... Read more

    Affected Products : dir-632_firmware dir-632
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5913

    A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql in... Read more

    Affected Products : vehicle_record_management_system
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-49709

    Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-49710

    An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-48445

    Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.... Read more

    • Published: Jun. 11, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-48446

    Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.... Read more

    Affected Products : drupal commerce_alphabank_redirect
    • Published: Jun. 11, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5357

    A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component PWD Command Handler. The manipulation leads to buffer overflow. The attack can be launched... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: May. 30, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2018-25111

    django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.... Read more

    Affected Products : django-helpdesk
    • Published: May. 31, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-5428

    A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiat... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5430

    A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. ... Read more

    Affected Products : assamlook_cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5432

    A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the argument ID leads to sql injection. The attack can be launched... Read more

    Affected Products : assamlook_cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-37394

    A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. T... Read more

    Affected Products : redcap
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-3834

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 14, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-3836

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 22, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-37395

    A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. Th... Read more

    Affected Products : redcap
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-41403

    Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 22, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-36527

    Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: May. 23, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection
Showing 20 of 293437 Results