Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-2958

    A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial ... Read more

    Affected Products : tew-818dru_firmware tew-818dru
    • Published: Mar. 30, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-2957

    A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub_401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The a... Read more

    Affected Products :
    • Published: Mar. 30, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-2956

    A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0_ /1.0.8.S0_ and classified as problematic. This issue affects the function plugins_call_handle_uri_raw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to ... Read more

    Affected Products :
    • Published: Mar. 30, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-2955

    A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to ... Read more

    Affected Products : a3000ru_firmware a3000ru
    • Published: Mar. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-2954

    A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access contro... Read more

    Affected Products : openmanus
    • Published: Mar. 30, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-2953

    A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit h... Read more

    Affected Products : pytorch
    • Published: Mar. 30, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-2952

    A vulnerability classified as critical was found in Bluestar Micro Mall 1.0. Affected by this vulnerability is an unknown functionality of the file /api/api.php?mod=upload&type=1. The manipulation of the argument File leads to unrestricted upload. The att... Read more

    Affected Products : micro_mall
    • Published: Mar. 30, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-2951

    A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The ... Read more

    Affected Products : micro_mall
    • Published: Mar. 30, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1861

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the ... Read more

    Affected Products : php ontap
    • Published: Mar. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-1736

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lea... Read more

    Affected Products : php ontap
    • Published: Mar. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-1734

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse ... Read more

    Affected Products : php ontap
    • Published: Mar. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-1219

    In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the re... Read more

    Affected Products : php
    • Published: Mar. 30, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2024-55895

    IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more

    • Published: Mar. 29, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2024-11180

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and o... Read more

    Affected Products : elementskit_elementor_addons
    • Published: Mar. 29, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-2840

    The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers... Read more

    Affected Products :
    • Published: Mar. 29, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-2803

    The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running ... Read more

    Affected Products :
    • Published: Mar. 29, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-2266

    The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This... Read more

    Affected Products : checkout_mestres_wp
    • Published: Mar. 29, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-2249

    The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated a... Read more

    Affected Products :
    • Published: Mar. 29, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-2006

    The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenti... Read more

    Affected Products : inline_image_upload_for_bbpress
    • Published: Mar. 29, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-13557

    The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before... Read more

    Affected Products :
    • Published: Mar. 29, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authentication
Showing 20 of 292838 Results