Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-11131

    A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2024-10442

    Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potent... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2024-10445

    Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remot... Read more

    Affected Products : diskstation_manager
    • Published: Mar. 19, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-10444

    Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecifi... Read more

    Affected Products : diskstation_manager
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-10441

    Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execut... Read more

    Affected Products : diskstation_manager
    • Published: Mar. 19, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-30140

    An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, ... Read more

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2024-57151

    SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function... Read more

    Affected Products : xinhu
    • Published: Mar. 18, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-12563

    The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to inc... Read more

    Affected Products : s2member
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-30142

    An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC addre... Read more

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30141

    An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to... Read more

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-30139

    An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network witho... Read more

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration

  • 4.6

    MEDIUM
    CVE-2025-30138

    An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to... Read more

    Affected Products : g-onx_firmware g-onx
    • Published: Mar. 18, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-30137

    An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 an... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-29930

    imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $_GET['seoOp'] parameter is manipulated to include malicious input (e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php),... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-29907

    jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, ... Read more

    Affected Products : jspdf
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-29790

    Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6.... Read more

    Affected Products : contao
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.0

    MEDIUM
    CVE-2025-27080

    Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, p... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-25042

    A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potent... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-25040

    A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The ... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-24801

    GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.... Read more

    Affected Products : glpi
    • Published: Mar. 18, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication
Showing 20 of 293261 Results