Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-4840

    The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products : likes_and_dislikes
    • Published: Jun. 10, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-1041

    An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.... Read more

    Affected Products : call_management_system
    • Published: Jun. 10, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-5952

    A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file_1 leads to os command injection. The attack may be initi... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-5935

    A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id l... Read more

    Affected Products : open5gs
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-3076

    The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it poss... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-5934

    A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The ... Read more

    Affected Products : ex3700_firmware ex3700
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-5925

    The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for una... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-5913

    A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql in... Read more

    Affected Products : vehicle_record_management_system
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-5912

    A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be in... Read more

    Affected Products : dir-632_firmware dir-632
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-4601

    The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_pr... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-4387

    The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication

  • 9.0

    HIGH
    CVE-2025-5911

    A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to b... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5910

    A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5909

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to b... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5908

    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5907

    A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5906

    A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has b... Read more

    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-42998

    The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This leads to low impact on confidentiality of the application, there is no i... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization

  • 5.6

    MEDIUM
    CVE-2025-42996

    SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degr... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-42995

    SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on con... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291617 Results