Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-2860

    SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the u... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-2859

    An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Cryptography

  • 8.5

    HIGH
    CVE-2025-2858

    Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate privileges as a superuser.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-28221

    Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request.... Read more

    Affected Products : w6-s_firmware w6-s
    • Published: Mar. 28, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-28220

    Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.... Read more

    Affected Products : w6-s_firmware w6-s
    • Published: Mar. 28, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-28219

    Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.... Read more

    Affected Products : dc112a_firmware dc112a
    • Published: Mar. 28, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-1781

    There is a XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF).  This could be exploited to read arbitrary local files if an attacker has access t... Read more

    Affected Products : css_validator
    • Published: Mar. 28, 2025
    • Modified: Aug. 01, 2025

  • 4.5

    MEDIUM
    CVE-2025-0986

    IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW a... Read more

    • Published: Mar. 28, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-2911

    Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-2910

    User enumeration in the password reset module of the MeetMe authentication service in versions prior to 2024-09 allows an attacker to determine whether an email address is registered through specific error messages.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-2909

    The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-2908

    The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2024-7407

    Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduce... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cryptography

  • 8.6

    HIGH
    CVE-2024-11504

    Input from multiple fields in Streamsoft Prestiż is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker.  This issue was fixed in 18.1.376.37 version of the software.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-31474

    Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer allows Cross Site Request Forgery. This issue affects WP Database Optimizer: from n/a through 1.2.1.3.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-31473

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewprice1178 WP Database Optimizer allows Stored XSS. This issue affects WP Database Optimizer: from n/a through 1.2.1.3.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-31472

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michele Marri Flatty allows Stored XSS. This issue affects Flatty: from n/a through 2.0.0.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-31471

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Falcon Solutions Duplicate Page and Post allows Stored XSS. This issue affects Duplicate Page and Post: from n/a through 1.0.... Read more

    Affected Products : duplicate_page_and_post
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-31470

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Page Takeover allows Stored XSS. This issue affects Page Takeover: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-31469

    Missing Authorization vulnerability in webrangers Clear Sucuri Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization
Showing 20 of 292247 Results