Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-1629

    A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of e... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-1618

    A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The attack ca... Read more

    Affected Products : crm
    • Published: Feb. 24, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-1617

    A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipulation of the argument SSID leads to cross site scripting. It is possible to initiate th... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1616

    A vulnerability, which was classified as critical, has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this issue is some unknown functionality of the component Diagnosis. The manipulation of the argument Destination Address leads to os co... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-1615

    A vulnerability classified as problematic was found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this vulnerability is an unknown functionality of the component NAT Submenu. The manipulation of the argument Description leads to cross site scriptin... Read more

    Affected Products : an5506-01-a_firmware an5506-01-a
    • Published: Feb. 24, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-1614

    A vulnerability classified as problematic has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected is an unknown function of the file /goform/portForwardingCfg of the component Port Forwarding Submenu. The manipulation of the argument pf_Descripti... Read more

    Affected Products : an5506-01-a_firmware an5506-01-a
    • Published: Feb. 24, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-1613

    A vulnerability was found in FiberHome AN5506-01A ONU GPON RP2511. It has been rated as problematic. This issue affects some unknown processing of the file /goform/URL_filterCfg of the component URL Filtering Submenu. The manipulation of the argument url_... Read more

    Affected Products : an5506-01-a_firmware
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1612

    A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5g_basic.asp. The manipulation of the argument SSID leads to cross site scripting. The attack can be init... Read more

    Affected Products : br-6288acl_firmware br-6288acl
    • Published: Feb. 24, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-1611

    A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to in... Read more

    Affected Products : shopxo
    • Published: Feb. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-1610

    A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to os command injection. The attack... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-1609

    A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. The attack... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2024-55898

    IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.... Read more

    Affected Products : i i
    • Published: Feb. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-1608

    A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd  leads to os command injection. It is possible to la... Read more

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-1607

    A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument id leads to authori... Read more

    Affected Products : best_employee_management_system
    • Published: Feb. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-1606

    A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be i... Read more

    Affected Products : best_employee_management_system
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-1599

    A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profile_crud.php. The manipulation of the argument old_cat_img l... Read more

    Affected Products : best_church_management_software
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-1598

    A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the argument photo1 le... Read more

    Affected Products : best_church_management_software
    • Published: Feb. 24, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-22635

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jyothis Joy Eventer allows Reflected XSS. This issue affects Eventer: from n/a through n/a.... Read more

    Affected Products : eventer
    • Published: Feb. 23, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-22633

    Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Matt Cromwell Give – Divi Donation Modules allows Retrieve Embedded Sensitive Data. This issue affects Give – Divi Donation Modules: from n/a through 2.0.0.... Read more

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-22632

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalsoft WooCommerce Pricing – Product Pricing allows Stored XSS. This issue affects WooCommerce Pricing – Product Pricing: from n/a through 1.0.9.... Read more

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291641 Results