Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-5873

    A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted up... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-22481

    A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulner... Read more

    Affected Products : quts_hero qts
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35004

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of ... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35010

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-5864

    A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manip... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-5894

    Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system ... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-25209

    The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor w... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-25208

    A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-25207

    The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is complete... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-5870

    A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper auth... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-5806

    Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to... Read more

    Affected Products : gatling
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-5814

    The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible fo... Read more

    Affected Products :
    • Published: Jun. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-5303

    The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL Freight Quotes – Day & Ross Edition plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the expiry_date parameter in all versions up to, and in... Read more

    Affected Products :
    • Published: Jun. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-47601

    Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through 2.1.0.... Read more

    Affected Products :
    • Published: Jun. 07, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-40675

    A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'.... Read more

    Affected Products : bagisto
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-3835

    Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.... Read more

    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025

  • 0.0

    NA
    CVE-2025-38004

    In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can b... Read more

    Affected Products : linux_kernel
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-38003

    In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unrelia... Read more

    Affected Products : linux_kernel
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-35005

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-33031

    An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerabil... Read more

    Affected Products : file_station
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292860 Results