Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-40675

    A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'.... Read more

    Affected Products : bagisto
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-5870

    A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper auth... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5869

    A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption.... Read more

    Affected Products : rt-thread rt-thread
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5894

    Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system ... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5868

    A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validat... Read more

    Affected Products : rt-thread rt-thread
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-5867

    A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.... Read more

    Affected Products : rt-thread rt-thread
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5893

    Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-5866

    A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.... Read more

    Affected Products : rt-thread rt-thread
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5865

    A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout ... Read more

    Affected Products : rt-thread
    • Published: Jun. 09, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-5864

    A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manip... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-5863

    A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is... Read more

    Affected Products : ac5_firmware ac5
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-4652

    The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : broadstreet
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-47712

    A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, l... Read more

    • Published: Jun. 09, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-47711

    There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server c... Read more

    • Published: Jun. 09, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-3582

    The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : newsletter
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-3581

    The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Sc... Read more

    Affected Products : newsletter
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-25209

    The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor w... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-25208

    A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-25207

    The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is complete... Read more

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-5862

    A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initi... Read more

    Affected Products : ac7_firmware ac7
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291672 Results