Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-5532

    The Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 1.9.0 due to insufficient input... Read more

    Affected Products :
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-5531

    The Employee Directory – Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.5.0 due to insufficient input s... Read more

    Affected Products :
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-5554

    A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fro... Read more

    Affected Products : rail_pass_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5553

    A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. ... Read more

    Affected Products : rail_pass_management_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-5552

    A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be ini... Read more

    Affected Products : chestnutcms chestnutcms
    • Published: Jun. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-49223

    billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products : billboard.js
    • Published: Jun. 04, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-5551

    A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: Jun. 04, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5550

    A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component PBSZ Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. T... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: Jun. 04, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5549

    A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component PASV Command Handler. The manipulation leads to buffer overflow. The attack can be launched ... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: Jun. 04, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5548

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The e... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: Jun. 04, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5547

    A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component CDUP Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotel... Read more

    Affected Products : freefloat_ftp_server ftp_server
    • Published: Jun. 04, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-5546

    A vulnerability classified as critical was found in PHPGurukul Daily Expense Tracker System 1.1. This vulnerability affects unknown code of the file /expense-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. Th... Read more

    Affected Products : daily_expense_tracker_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-5545

    A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manip... Read more

    Affected Products : oa_system
    • Published: Jun. 04, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-5544

    A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/java/cn/gson/oasys/controller/user/UserpanelController.ja... Read more

    Affected Products : oa_system
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-5543

    A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to... Read more

    Affected Products : x2000r_firmware x2000r
    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2025-24015

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect ke... Read more

    Affected Products : deno
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cryptography

  • 4.8

    MEDIUM
    CVE-2025-5542

    A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type le... Read more

    Affected Products : x2000r_firmware x2000r
    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-5527

    A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer o... Read more

    Affected Products : rx3_firmware rx3
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-49002

    DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohi... Read more

    Affected Products : dataease
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-49001

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10.... Read more

    Affected Products : dataease
    • Published: Jun. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication
Showing 20 of 291395 Results