Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2025-1614

    A vulnerability classified as problematic has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected is an unknown function of the file /goform/portForwardingCfg of the component Port Forwarding Submenu. The manipulation of the argument pf_Descripti...

    Affected Products : an5506-01-a_firmware an5506-01-a
    • Published: Feb. 24, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-1613

    A vulnerability was found in FiberHome AN5506-01A ONU GPON RP2511. It has been rated as problematic. This issue affects some unknown processing of the file /goform/URL_filterCfg of the component URL Filtering Submenu. The manipulation of the argument url_...

    Affected Products : an5506-01-a_firmware
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-1612

    A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5g_basic.asp. The manipulation of the argument SSID leads to cross site scripting. The attack can be init...

    Affected Products : br-6288acl_firmware br-6288acl
    • Published: Feb. 24, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.8

    MEDIUM
    CVE-2025-1611

    A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to in...

    Affected Products : shopxo
    • Published: Feb. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-1610

    A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to os command injection. The attack...

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-1609

    A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. The attack...

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection
  • 8.5

    HIGH
    CVE-2024-55898

    IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege....

    Affected Products : i i
    • Published: Feb. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-1608

    A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd leads to os command injection. It is possible to la...

    Affected Products :
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2025-1607

    A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument id leads to authori...

    Affected Products : best_employee_management_system
    • Published: Feb. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-1606

    A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be i...

    Affected Products : best_employee_management_system
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Information Disclosure
  • 9.1

    CRITICAL
    CVE-2025-1599

    A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profile_crud.php. The manipulation of the argument old_cat_img l...

    Affected Products : best_church_management_software
    • Published: Feb. 24, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-1598

    A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the argument photo1 le...

    Affected Products : best_church_management_software
    • Published: Feb. 24, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Misconfiguration
  • 7.1

    HIGH
    CVE-2025-22635

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jyothis Joy Eventer allows Reflected XSS. This issue affects Eventer: from n/a through n/a....

    Affected Products : eventer
    • Published: Feb. 23, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.8

    MEDIUM
    CVE-2025-22633

    Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Matt Cromwell Give – Divi Donation Modules allows Retrieve Embedded Sensitive Data. This issue affects Give – Divi Donation Modules: from n/a through 2.0.0....

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Information Disclosure
  • 7.1

    HIGH
    CVE-2025-22632

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalsoft WooCommerce Pricing – Product Pricing allows Stored XSS. This issue affects WooCommerce Pricing – Product Pricing: from n/a through 1.0.9....

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2025-22631

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vbout Marketing Automation allows Reflected XSS. This issue affects Marketing Automation: from n/a through 1.2.6.8....

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-1597

    A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/redirect.php. The manipulation of the argument a leads to cross site scripting. It i...

    Affected Products : best_church_management_software
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-1596

    A vulnerability was found in SourceCodester Best Church Management Software 1.0 and classified as critical. This issue affects some unknown processing of the file /fpassword.php. The manipulation of the argument email leads to sql injection. The attack ma...

    Affected Products : best_church_management_software
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Injection
  • 6.9

    MEDIUM
    CVE-2025-1595

    A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack...

    Affected Products :
    • Published: Feb. 23, 2025
    • Modified: Feb. 23, 2025
    • Vuln Type: Information Disclosure
  • 8.8

    HIGH
    CVE-2025-1594

    A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It i...

    Affected Products : ffmpeg
    • Published: Feb. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291736 Results