Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-25478

    The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password.... Read more

    Affected Products : syspass
    • Published: Feb. 28, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-25476

    A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or notification component.... Read more

    Affected Products : syspass
    • Published: Feb. 28, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-25379

    Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.... Read more

    Affected Products : 07flycms
    • Published: Feb. 28, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-26466

    A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client m... Read more

    • Published: Feb. 28, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Denial of Service

  • 7.6

    HIGH
    CVE-2024-1509

    Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade at... Read more

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Misconfiguration

  • 4.6

    MEDIUM
    CVE-2025-27414

    MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized... Read more

    Affected Products : minio
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-27413

    PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal (`../`) sequences. This is problematic for the template upd... Read more

    Affected Products : pwndoc
    • Published: Feb. 28, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-27410

    PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriti... Read more

    Affected Products : pwndoc
    • Published: Feb. 28, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2025-0769

    PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-a sync-task.php.... Read more

    Affected Products : pixelyoursite
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-25635

    TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Feb. 28, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2025-25610

    TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Feb. 28, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2025-25609

    TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Feb. 28, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-25429

    Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page.... Read more

    Affected Products : tew-929dru_firmware tew-929dru
    • Published: Feb. 28, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-25428

    TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.... Read more

    Affected Products : tew-929dru_firmware tew-929dru
    • Published: Feb. 28, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2025-1795

    During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result ... Read more

    Affected Products : python
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025

  • 9.8

    CRITICAL
    CVE-2025-0160

    IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.... Read more

    Affected Products : storage_virtualize
    • Published: Feb. 28, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-0159

    IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.... Read more

    Affected Products : storage_virtualize
    • Published: Feb. 28, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-27408

    Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to th... Read more

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Cryptography

  • 4.8

    MEDIUM
    CVE-2025-25431

    Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the The ssid key of wifi_data parameter on the /captive_portal.htm page.... Read more

    • Published: Feb. 28, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-25430

    Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page.... Read more

    Affected Products : tew-929dru_firmware tew-929dru
    • Published: Feb. 28, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292518 Results