Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2025-5630

    A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can ... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-5508

    A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross sit... Read more

    Affected Products : a3002ru_firmware a3002ru-v2
    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-5698

    A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /sysframework/logSelect.htm. The manipulation of the argument nodename leads to sql injecti... Read more

    Affected Products :
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-49012

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using grou... Read more

    Affected Products :
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-5719

    The wallet has an authentication bypass vulnerability that allows access to specific pages.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-1778

    The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, wit... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-5534

    The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplie... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-3322

    An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.... Read more

    Affected Products : onlinesuite_application_package
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-48783

    An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-5697

    A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcCustDeferPosiQuery.htm. The manipulation of the argument... Read more

    Affected Products :
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2025-5745

    The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc6... Read more

    Affected Products : glibc
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-5733

    The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible fo... Read more

    Affected Products : modern_events_calendar_lite
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2025-5541

    The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. T... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-5680

    A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptControll... Read more

    Affected Products :
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2024-46941

    SystemUI has an incorrect component protection setting, which allows access to specific information.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-1777

    The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-2935

    The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint.... Read more

    Affected Products : stop_spammers
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-3365

    A missing protection against path traversal allows to access any file on the server.... Read more

    Affected Products : onlinesuite_application_package
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2025-3321

    A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server.... Read more

    Affected Products : onlinesuite_application_package
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-48780

    A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection
Showing 20 of 292792 Results