Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-6621

    A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the atta... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6620

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6619

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The at... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6618

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch th... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-6445

    ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulner... Read more

    Affected Products : servicestack
    • Published: Jun. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2025-6444

    ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vul... Read more

    Affected Products : servicestack
    • Published: Jun. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-5834

    Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authenticat... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-5833

    Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication ... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-5832

    Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Pioneer DMH-WT7600NEX devices. Authen... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-5830

    Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wall... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-5829

    Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected affected installations of Autel MaxiCharger A... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-5828

    Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV c... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5827

    Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-5826

    Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commerci... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5825

    Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging st... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2025-5824

    Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Wallbox Commercial. An att... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 4.9

    MEDIUM
    CVE-2025-5823

    Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Com... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-5822

    Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charg... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-49550

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security ... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 25, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-49549

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to b... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Jun. 25, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization
Showing 20 of 292818 Results