Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-6644

    PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vuln... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-6643

    PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-6642

    PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this ... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-6641

    PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-6640

    PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vuln... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-6443

    Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.... Read more

    Affected Products : routeros
    • Published: Jun. 25, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-6665

    A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /php_action/editBrand.php. The manipulation of the argument editBrandStatus ... Read more

    Affected Products : inventory_management_system
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-6664

    A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exp... Read more

    Affected Products : patient_record_management_system
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-36038

    IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-45333

    berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigPart function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.... Read more

    Affected Products : abc
    • Published: Jun. 25, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-6627

    A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jun. 25, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-6678

    Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial char... Read more

    • Published: Jun. 25, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-6621

    A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the atta... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6620

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6619

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The at... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6618

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch th... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: Jun. 25, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-6445

    ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulner... Read more

    Affected Products : servicestack
    • Published: Jun. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2025-6444

    ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vul... Read more

    Affected Products : servicestack
    • Published: Jun. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-5834

    Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Although authenticat... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-5833

    Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of Pioneer DMH-WT7600NEX devices. Authentication ... Read more

    • Published: Jun. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
Showing 20 of 293350 Results