Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-6097

    In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.

    Affected Products : telerik_reporting
    • Published: Feb. 12, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-25746

    D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetWanSettings module.

    Affected Products : dir-853_firmware dir-853
    • Published: Feb. 12, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-25744

    D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module.

    Affected Products : dir-853_firmware dir-853
    • Published: Feb. 12, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2025-25743

    D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module.

    Affected Products : dir-853_firmware dir-853
    • Published: Feb. 12, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-25742

    D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module.

    Affected Products : dir-853_firmware dir-853
    • Published: Feb. 12, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Memory Corruption
  • 5.7

    MEDIUM
    CVE-2025-25184

    Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-conce...

    Affected Products : rack rack
    • Published: Feb. 12, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Information Disclosure
  • 9.4

    CRITICAL
    CVE-2025-25182

    Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with A...

    Affected Products : stroom
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-1210

    A vulnerability classified as critical was found in code-projects Wazifa System 1.0. Affected by this vulnerability is an unknown functionality of the file /controllers/control.php. The manipulation of the argument to leads to sql injection. The attack ca...

    Affected Products : wazifa_system
    • Published: Feb. 12, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-1209

    A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is the function searchuser of the file /search_resualts.php. The manipulation of the argument firstname/lastname leads to cross site scripting. It is pos...

    Affected Products : wazifa_system
    • Published: Feb. 12, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2024-11629

    In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF.

    • Published: Feb. 12, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Path Traversal
  • 7.2

    HIGH
    CVE-2024-11628

    In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.

    Affected Products : kendo_ui_for_vue kendo_ui_for_vue
    • Published: Feb. 12, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-25351

    PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.

    Affected Products : daily_expense_tracker_system
    • Published: Feb. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-25349

    PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter.

    Affected Products : daily_expense_tracker_system
    • Published: Feb. 12, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-1208

    A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /Profile.php. The manipulation of the argument postcontent leads to cross site scripting. The attack may...

    Affected Products : wazifa_system
    • Published: Feb. 12, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting
  • 3.1

    LOW
    CVE-2025-1207

    A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service. The attack needs to be done within the local networ...

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2025-0556

    In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted t...

    Affected Products : telerik_report_server
    • Published: Feb. 12, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-0516

    Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.

    Affected Products : gitlab
    • Published: Feb. 12, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-0332

    In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.

    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2024-9870

    An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.

    Affected Products : gitlab
    • Published: Feb. 12, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Server-Side Request Forgery
  • 7.2

    HIGH
    CVE-2024-12629

    In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.

    Affected Products : kendoreact kendoreact
    • Published: Feb. 12, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection