Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.6

    HIGH
    CVE-2024-57176

    An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL....

    Affected Products : white-jotter
    • Published: Feb. 21, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal
  • 4.2

    MEDIUM
    CVE-2024-55159

    GFast between v2 and v3.2 was discovered to contain a SQL injection vulnerability via the SortName parameter at /system/loginLog/list....

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Injection
  • 5.5

    MEDIUM
    CVE-2024-55156

    An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message....

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: XML External Entity
  • 9.8

    CRITICAL
    CVE-2025-26014

    A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter....

    Affected Products : loggrove
    • Published: Feb. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-25510

    Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function....

    Affected Products : ac8_firmware ac8
    • Published: Feb. 21, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-25507

    There is an RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution....

    Affected Products : ac6_firmware ac6
    • Published: Feb. 21, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-25505

    Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function....

    Affected Products : ac6_firmware ac6
    • Published: Feb. 21, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption
  • 5.1

    MEDIUM
    CVE-2025-1548

    A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site script...

    Affected Products : dreamer_cms
    • Published: Feb. 21, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-1546

    A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function log_operate_clear of the file /webui/modules/log/operate.mds. The manipulation of the...

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 8.6

    HIGH
    CVE-2025-1403

    Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library....

    Affected Products : qiskit
    • Published: Feb. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2024-45673

    IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be...

    • Published: Feb. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure
  • 8.2

    HIGH
    CVE-2025-26013

    An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component....

    Affected Products : loggrove
    • Published: Feb. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-1544

    A vulnerability, which was classified as critical, was found in dingfanzu CMS up to 20250210. Affected is an unknown function of the file /ajax/loadShopInfo.php. The manipulation of the argument shopId leads to sql injection. It is possible to launch the ...

    Affected Products : dingfanzu
    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2025-1543

    A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated...

    Affected Products : dreamer_cms
    • Published: Feb. 21, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-1539

    A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may ...

    Affected Products : dap-1320_firmware
    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2025-1538

    A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The ex...

    Affected Products : dap-1320_firmware dap-1320
    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-1537

    A vulnerability was found in Harpia DiagSystem 12. It has been rated as critical. This issue affects some unknown processing of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument codexame leads to sql injection. The atta...

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-1536

    A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. It has been declared as critical. This vulnerability affects unknown code of the file /vpn/vpn_template_style.php of the component Request Parameter Handler. The manip...

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-0838

    There exists a heap buffer overflow vulnerability in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass...

    Affected Products : debian_linux common_libraries
    • Published: Feb. 21, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption
  • 6.4

    MEDIUM
    CVE-2024-10222

    The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack...

    Affected Products : svg_support
    • Published: Feb. 21, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291717 Results