Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-30897

    Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1.... Read more

    • Published: Mar. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-30873

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 11.0.2.... Read more

    • Published: Mar. 27, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-3461

    The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue a... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-3460

    The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a ... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-3459

    The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32459

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument I... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32458

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32457

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Ar... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32456

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argu... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32455

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Inj... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-24330

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Jan. 30, 2024
    • Modified: Jun. 09, 2025

  • 5.4

    MEDIUM
    CVE-2024-0589

    Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entr... Read more

    Affected Products : windows remote_desktop_manager
    • Published: Jan. 31, 2024
    • Modified: Jun. 09, 2025

  • 9.8

    CRITICAL
    CVE-2023-51210

    SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function.... Read more

    Affected Products : bundle_product
    • Published: Jan. 23, 2024
    • Modified: Jun. 09, 2025

  • 9.0

    HIGH
    CVE-2025-5787

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the ar... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5788

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation of th... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5789

    A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buff... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5790

    A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. This vulnerability affects unknown code of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer o... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5794

    A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The... Read more

    Affected Products : ac5_firmware ac5
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5795

    A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to init... Read more

    Affected Products : ac5_firmware ac5
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5798

    A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. It is possib... Read more

    Affected Products : ac8_firmware ac8
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293284 Results