Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-5034

    The wp-file-download WordPress plugin before 6.2.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : wp_file_download
    • Published: Jun. 21, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-6399

    A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url lea... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-52552

    FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious Ja... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-52488

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to ... Read more

    Affected Products : dotnetnuke
    • Published: Jun. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-52487

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Lo... Read more

    Affected Products : dotnetnuke
    • Published: Jun. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-52486

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly saniti... Read more

    Affected Products : dotnetnuke
    • Published: Jun. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-52485

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint w... Read more

    Affected Products : dotnetnuke
    • Published: Jun. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-6394

    A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_reserve.php. The manipulation of the argument firstname le... Read more

    • Published: Jun. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-52557

    Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-52556

    rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cryptography

  • 9.0

    HIGH
    CVE-2025-6393

    A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv... Read more

    • Published: Jun. 21, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-6375

    A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to ... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6374

    A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument curTime leads to stack-based buffer overflow. The atta... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: Jun. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-6218

    RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the ... Read more

    Affected Products : windows winrar
    • Published: Jun. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 3.8

    LOW
    CVE-2025-6217

    PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtai... Read more

    Affected Products : device_driver
    • Published: Jun. 21, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-6216

    Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. T... Read more

    Affected Products : allegra
    • Published: Jun. 21, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-5820

    Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. T... Read more

    Affected Products : xav-ax8500_firmware xav-ax8500
    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-5479

    Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. An attacker must ... Read more

    Affected Products : xav-ax8500_firmware xav-ax8500
    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5478

    Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not require... Read more

    Affected Products : xav-ax8500_firmware xav-ax8500
    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-5477

    Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ... Read more

    Affected Products : xav-ax8500_firmware xav-ax8500
    • Published: Jun. 21, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292425 Results