Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2025-42983

    SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete da... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-42982

    SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2025-42977

    SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confid... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Path Traversal

  • 5.8

    MEDIUM
    CVE-2025-31325

    Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-23192

    SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to p... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-5905

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Passw... Read more

    Affected Products : t10_firmware t10
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5904

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argume... Read more

    Affected Products : t10_firmware t10
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5903

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buf... Read more

    Affected Products : t10_firmware t10
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.6

    MEDIUM
    CVE-2025-0037

    In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 3.2

    LOW
    CVE-2025-0036

    In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cryptography

  • 9.0

    HIGH
    CVE-2025-5902

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to b... Read more

    Affected Products : t10_firmware t10
    • Published: Jun. 09, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5901

    A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Fil... Read more

    Affected Products : t10_firmware t10
    • Published: Jun. 09, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-30515

    CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.... Read more

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30507

    CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.... Read more

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-30183

    CyberData 011209 Intercom does not properly store or protect web server admin credentials.... Read more

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-26468

    CyberData  011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption.... Read more

    • Published: Jun. 09, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-5900

    A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to... Read more

    Affected Products : ac9_firmware ac9
    • Published: Jun. 09, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-5899

    A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not... Read more

    Affected Products : pspp
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-5898

    A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack nee... Read more

    Affected Products : pspp
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-49140

    Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect use... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291589 Results