Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-29359

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: Mar. 13, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-29358

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: Mar. 13, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-29357

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: Mar. 13, 2025
    • Modified: Aug. 01, 2025

  • 6.1

    MEDIUM
    CVE-2024-57348

    Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters.... Read more

    Affected Products : pecan
    • Published: Mar. 13, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-28803

    Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter... Read more

    Affected Products : i-mcs_nfv
    • Published: Mar. 13, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2024-22880

    Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component.... Read more

    Affected Products : zadarma
    • Published: Mar. 13, 2025
    • Modified: Apr. 02, 2025

  • 8.1

    HIGH
    CVE-2025-2280

    Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature.... Read more

    Affected Products : devolutions_server
    • Published: Mar. 13, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-2278

    Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID.... Read more

    Affected Products : devolutions_server
    • Published: Mar. 13, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-2277

    Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking.... Read more

    Affected Products : devolutions_server
    • Published: Mar. 13, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-1636

    Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 13, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-1635

    Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business ... Read more

    Affected Products : remote_desktop_manager
    • Published: Mar. 13, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-10942

    The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function. This makes it possible for una... Read more

    Affected Products : all-in-one_wp_migration
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-29998

    This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-29997

    This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to ot... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-29996

    This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/pay... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-29995

    This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-29994

    This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through A... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-21104

    Dell NetWorker, versions prior to 19.12.0.1 and versions prior to 19.11.0.4, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remoter access could potentially exploit this vulnerability, leading to a targeted application ... Read more

    • Published: Mar. 13, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-25175

    A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. T... Read more

    Affected Products : simcenter_femap
    • Published: Mar. 13, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-1785

    The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite... Read more

    Affected Products : download_manager download_manager
    • Published: Mar. 13, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Path Traversal
Showing 20 of 292907 Results