Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.0

    HIGH
    CVE-2025-5903

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buf...

    Affected Products : t10_firmware t10
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption
  • 6.6

    MEDIUM
    CVE-2025-0037

    In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.

    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization
  • 3.2

    LOW
    CVE-2025-0036

    In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.

    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cryptography
  • 9.0

    HIGH
    CVE-2025-5902

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to b...

    Affected Products : t10_firmware t10
    • Published: Jun. 09, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption
  • 9.0

    HIGH
    CVE-2025-5901

    A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Fil...

    Affected Products : t10_firmware t10
    • Published: Jun. 09, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-30515

    CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-30507

    CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Injection
  • 8.7

    HIGH
    CVE-2025-30183

    CyberData 011209 Intercom does not properly store or protect web server admin credentials.

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication
  • 8.7

    HIGH
    CVE-2025-26468

    CyberData 011209 Intercom exposes features that could allow an unauthenticated user to gain access and cause a denial-of-service condition or system disruption.

    • Published: Jun. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication
  • 7.1

    HIGH
    CVE-2025-5900

    A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to...

    Affected Products : ac9_firmware ac9
    • Published: Jun. 09, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.3

    MEDIUM
    CVE-2025-5899

    A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not...

    Affected Products : pspp
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption
  • 5.3

    MEDIUM
    CVE-2025-5898

    A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack nee...

    Affected Products : pspp
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-49140

    Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets. This only affects use...

    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-30184

    CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-5897

    A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation ...

    Affected Products : vue_cli
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-5896

    A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complex...

    Affected Products : taro
    • Published: Jun. 09, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2025-49141

    HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality obtains a URL string from a POST request and insufficiently validates user input. The `set_remote` function later pa...

    • Published: Jun. 09, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-49139

    HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the...

    • Published: Jun. 09, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Server-Side Request Forgery
  • 6.5

    MEDIUM
    CVE-2025-49138

    HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on t...

    Affected Products : hax haxcms-php haxcms-nodejs haxcms-php
    • Published: Jun. 09, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Path Traversal
  • 8.5

    HIGH
    CVE-2025-49137

    HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' ...

    • Published: Jun. 09, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291562 Results