Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-0492

    A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit h... Read more

    Affected Products : dir-823x_firmware
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-0491

    A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the atta... Read more

    Affected Products : native-php-cms
    • Published: Jan. 15, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0490

    A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation of the argument id leads to sql injection. The attack ma... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0489

    A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated re... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-36751

    An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-0488

    A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. ... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0487

    A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/cat_edit.php. The manipulation of the argument id leads to sql injection. The attack may be... Read more

    Affected Products : native-php-cms
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0486

    A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql injection. The a... Read more

    Affected Products : native-php-cms
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-48126

    HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-48125

    An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2024-48123

    An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2024-48122

    Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-48121

    The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cryptography

  • 9.1

    CRITICAL
    CVE-2025-22146

    Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to... Read more

    Affected Products : sentry
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-0485

    A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfig_doedit.php. The manipulation of the argument info leads to cross site scripting. It is possibl... Read more

    Affected Products : native-php-cms
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-0484

    A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The atta... Read more

    Affected Products : native-php-cms
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-0483

    A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack c... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-0482

    A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attac... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2024-54540

    The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.... Read more

    Affected Products : windows_10_22h2 music windows_11_24h2
    • Published: Jan. 15, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-54535

    A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.... Read more

    Affected Products : iphone_os watchos ipados visionos
    • Published: Jan. 15, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291274 Results