Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2025-25768

    MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Injection
  • 4.8

    MEDIUM
    CVE-2025-25767

    A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-25605

    Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.

    Affected Products : x5000r_firmware x5000r
    • Published: Feb. 21, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-25604

    Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.

    Affected Products : x5000r_firmware x5000r
    • Published: Feb. 21, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Injection
  • 5.1

    MEDIUM
    CVE-2020-19248

    SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses ev...

    Affected Products : pbootcms
    • Published: Feb. 21, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
  • 3.8

    LOW
    CVE-2025-25878

    A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /del.php. The attack can use SQL injection to obtain sensitive data.

    Affected Products : simple_chatbox
    • Published: Feb. 21, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Injection
  • 3.8

    LOW
    CVE-2025-25877

    A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data.

    Affected Products : simple_chatbox
    • Published: Feb. 21, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-25876

    A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /delete.php. The attack can use SQL injection to obtain sensitive data.

    Affected Products : simple_chatbox
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2025-25875

    A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /message.php. The attack can use SQL injection to obtain sensitive data.

    Affected Products : simple_chatbox
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection
  • 4.8

    MEDIUM
    CVE-2025-25766

    An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file.

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration
  • 4.0

    MEDIUM
    CVE-2025-25765

    MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do.

    Affected Products : mrcms
    • Published: Feb. 21, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Misconfiguration
  • 7.6

    HIGH
    CVE-2024-57176

    An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL.

    Affected Products : white-jotter
    • Published: Feb. 21, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Path Traversal
  • 4.2

    MEDIUM
    CVE-2024-55159

    GFast between v2 and v3.2 was discovered to contain a SQL injection vulnerability via the SortName parameter at /system/loginLog/list.

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Injection
  • 5.5

    MEDIUM
    CVE-2024-55156

    An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message.

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: XML External Entity
  • 9.8

    CRITICAL
    CVE-2025-26014

    A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.

    Affected Products : loggrove
    • Published: Feb. 21, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-25510

    Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function.

    Affected Products : ac8_firmware ac8
    • Published: Feb. 21, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-25507

    There is an RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.

    Affected Products : ac6_firmware ac6
    • Published: Feb. 21, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-25505

    Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.

    Affected Products : ac6_firmware ac6
    • Published: Feb. 21, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption
  • 5.1

    MEDIUM
    CVE-2025-1548

    A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site script...

    Affected Products : dreamer_cms
    • Published: Feb. 21, 2025
    • Modified: Apr. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-1546

    A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function log_operate_clear of the file /webui/modules/log/operate.mds. The manipulation of the...

    Affected Products :
    • Published: Feb. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection