Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-25387

    A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter.... Read more

    Affected Products : land_record_system
    • Published: Feb. 13, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-26511

    Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-25901

    A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : tl-wr841nd_firmware tl-wr841nd
    • Published: Feb. 13, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-25900

    A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-25899

    A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-25898

    A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : tl-wr841nd_firmware tl-wr841nd
    • Published: Feb. 13, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-25897

    A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : tl-wr841nd_firmware tl-wr841nd
    • Published: Feb. 13, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-25357

    A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter.... Read more

    Affected Products : land_record_system
    • Published: Feb. 13, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-25356

    A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter.... Read more

    Affected Products : land_record_system
    • Published: Feb. 13, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-25355

    A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter.... Read more

    Affected Products : land_record_system
    • Published: Feb. 13, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-25354

    A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter.... Read more

    Affected Products : land_record_system
    • Published: Feb. 13, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-25352

    A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter.... Read more

    Affected Products : land_record_system
    • Published: Feb. 13, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2025-25287

    Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires hig... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2025-24904

    libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content envelopes could be injecte... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-24903

    libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impers... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-22480

    Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privilege... Read more

    Affected Products : supportassist
    • Published: Feb. 13, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Path Traversal

  • 6.2

    MEDIUM
    CVE-2025-0426

    A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.... Read more

    Affected Products : kubernetes
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Denial of Service

  • 7.6

    HIGH
    CVE-2024-12013

    A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2024-12012

    A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and the... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Cryptography

  • 7.6

    HIGH
    CVE-2024-12011

    A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291728 Results