Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-34048

    A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpa... Read more

    Affected Products : dsl-2750u_firmware
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-34047

    A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw aris... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-34046

    An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain paramete... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-34045

    A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_downl... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2025-34044

    A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute ... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-34043

    A remote command injection vulnerability exists in Vacron Network Video Recorder (NVR) devices v1.4 due to improper input sanitization in the board.cgi script. The vulnerability allows unauthenticated attackers to pass arbitrary commands to the underlying... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-34042

    An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware version M2.1.6.04C014 via the ServerName and TimeZone parameters in the servetest CGI page. An attacker with access to the web interface can inject arbitrary sys... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-6698

    A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionar_tipoSaida.php of the component Adicionar tipo. The manipulation of the argu... Read more

    Affected Products : wegia
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-6697

    A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrada.php of the component Adicionar tipo. The manipulation ... Read more

    Affected Products : wegia
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-6696

    A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cadastro de Atendio. The manipulation of the argument Nome/S... Read more

    Affected Products : wegia
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.9

    HIGH
    CVE-2025-53007

    arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The `sendHeader` function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP... Read more

    Affected Products : arduino-esp32
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-53002

    LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the `vhead_f... Read more

    Affected Products : llama-factory
    • Published: Jun. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-52902

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting ... Read more

    Affected Products : filebrowser
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-52900

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by t... Read more

    Affected Products : filebrowser
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-52887

    cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be rele... Read more

    Affected Products : cpp-httplib cpp-httplib
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 8.0

    HIGH
    CVE-2025-51672

    A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the companyname ... Read more

    Affected Products : dairy_farm_shop_management_system
    • Published: Jun. 26, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-29331

    An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates... Read more

    Affected Products : 3x-ui
    • Published: Jun. 26, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-56915

    Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget.... Read more

    Affected Products : netbox netbox
    • Published: Jun. 26, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-6710

    MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow ... Read more

    Affected Products : mongodb
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-6709

    The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to ... Read more

    Affected Products : mongodb
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292811 Results