Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-5850

    A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument ... Read more

    Affected Products : ac15_firmware ac15
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5849

    A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument ... Read more

    Affected Products : ac15_firmware ac15
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5848

    A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argume... Read more

    Affected Products : ac15_firmware ac15
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-3461

    The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue a... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-3460

    The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a ... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-3459

    The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35010

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35009

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization ... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35008

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization o... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35007

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization o... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35006

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralizatio... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35005

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35004

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of ... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32459

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument I... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32458

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32457

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Ar... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32456

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argu... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32455

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Inj... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-5847

    A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the... Read more

    Affected Products : ac9_firmware ac9
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-27563

    in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.... Read more

    Affected Products : openharmony
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291401 Results