Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-6187

    A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack can be ini...

    Affected Products : rg-uac_firmware rg-uac
    • Published: Jun. 20, 2024
    • Modified: Aug. 21, 2025
  • 7.2

    HIGH
    CVE-2024-6269

    A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the ar...

    Affected Products : rg-uac_firmware rg-uac
    • Published: Jun. 23, 2024
    • Modified: Aug. 21, 2025
  • 8.5

    HIGH
    CVE-2024-39567

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This...

    • Published: Jul. 09, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-3738

    A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is p...

    Affected Products : nginx_ui nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-3739

    A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiate...

    Affected Products : nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-3740

    A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack ma...

    Affected Products : nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025
  • 6.1

    MEDIUM
    CVE-2024-30953

    A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module.

    Affected Products : htmly
    • Published: Apr. 17, 2024
    • Modified: Aug. 21, 2025
  • 6.1

    MEDIUM
    CVE-2024-27306

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) ...

    Affected Products : fedora aiohttp
    • Published: Apr. 18, 2024
    • Modified: Aug. 21, 2025
  • 8.4

    HIGH
    CVE-2024-32462

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, ...

    Affected Products : fedora flatpak
    • Published: Apr. 18, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-31011

    Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php.

    Affected Products : beescms
    • Published: Apr. 03, 2024
    • Modified: Aug. 21, 2025
  • 7.2

    HIGH
    CVE-2025-2773

    BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication ...

    Affected Products : router_firmware
    • Published: Apr. 23, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-2772

    BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Auth...

    Affected Products : router_firmware
    • Published: Apr. 23, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure
  • 7.1

    HIGH
    CVE-2025-8909

    Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal
  • 6.1

    MEDIUM
    CVE-2025-8910

    Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-8911

    Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.7

    HIGH
    CVE-2025-8912

    Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-8913

    Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2025-8914

    Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

    Affected Products : organization_portal_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection
  • 3.7

    LOW
    CVE-2025-8515

    A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This issue affects some unknown processing of the file /v1/operador/ of the component JSON Endpoint. The manipulation leads to information disclosure. The attack may...

    Affected Products : incontrol_web
    • Published: Aug. 04, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure
  • 7.3

    HIGH
    CVE-2025-26065

    A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network.

    • Published: Aug. 04, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291389 Results