Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2025-41231

    VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.... Read more

    Affected Products : cloud_foundation
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-3582

    The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : newsletter
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-4977

    A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may ... Read more

    Affected Products : dgnd3700_firmware dgnd3700
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure

  • 10.0

    HIGH
    CVE-2025-4978

    A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It ... Read more

    Affected Products : dgnd3700_firmware dgnd3700
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-53359

    An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request.... Read more

    Affected Products : zalo
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-4980

    A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The... Read more

    Affected Products : dgnd3700_firmware dgnd3700
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-26086

    An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time... Read more

    Affected Products : management_system
    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-22157

    This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This... Read more

    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5000

    A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulatio... Read more

    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4999

    A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation ... Read more

    • Published: May. 20, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-5792

    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of t... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 06, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5793

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_ty... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 06, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-5796

    A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can ... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-5797

    A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may ... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-5857

    A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /urinalysis_record.php. The manipulation of the argument itr_no leads to sql injection. The ... Read more

    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-47814

    libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.... Read more

    Affected Products : pspp
    • Published: May. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-3581

    The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Sc... Read more

    Affected Products : newsletter
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-4652

    The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : broadstreet
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2024-32888

    The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection i... Read more

    Affected Products :
    • Published: May. 15, 2024
    • Modified: Jun. 12, 2025

  • 8.1

    HIGH
    CVE-2024-27289

    pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minu... Read more

    Affected Products :
    • Published: Mar. 06, 2024
    • Modified: Jun. 12, 2025
Showing 20 of 293358 Results