Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-41360

    Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-39358

    Deserialization of Untrusted Data vulnerability in Teastudio.Pl WP Posts Carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through 1.3.12.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5759

    A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of the file /admin/edit-person-detail.php?editid=2. The manipulation of the argument editid leads to... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5758

    A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to i... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-5757

    A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/... Read more

    Affected Products : traffic_offense_reporting_system
    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5756

    A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/EditCity.php. The manipulation leads to sql injection. T... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5755

    A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /email_config.php. The manipulation of the argument email leads to sql injection. It is p... Read more

    • Published: Jun. 06, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-5192

    A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-48784

    A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-48783

    An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2025-48782

    An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-48781

    An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2025-48780

    A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-5739

    A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to bu... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5738

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument ... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5737

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-3365

    A missing protection against path traversal allows to access any file on the server.... Read more

    Affected Products : onlinesuite_application_package
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2025-3322

    An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.... Read more

    Affected Products : onlinesuite_application_package
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-5736

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads t... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5735

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url lea... Read more

    Affected Products : x15_firmware x15
    • Published: Jun. 06, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291593 Results