Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-5516

    A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to... Read more

    Affected Products : x2000r_firmware x2000r
    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-5515

    A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command in... Read more

    Affected Products : x2000r_firmware x2000r
    • Published: Jun. 03, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-5513

    A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross sit... Read more

    Affected Products : shiyi-blog
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-30360

    webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The `O... Read more

    Affected Products : webpack-dev-server
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-30359

    webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site. Because the request for classic scrip... Read more

    Affected Products : webpack-dev-server
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-5512

    A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authent... Read more

    Affected Products : shiyi-blog
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-5511

    A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be ... Read more

    Affected Products : shiyi-blog
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5510

    A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can... Read more

    Affected Products : shiyi-blog
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-32106

    In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability to execute unauthorized code.... Read more

    • Published: Jun. 03, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-32105

    A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution.... Read more

    Affected Products : img2020_firmware img2020
    • Published: Jun. 03, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-30167

    Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_... Read more

    Affected Products : jupyter_core
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-23107

    An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.... Read more

    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-5509

    A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the att... Read more

    Affected Products : shiyi-blog
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-5508

    A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross sit... Read more

    Affected Products : a3002ru_firmware a3002ru-v2
    • Published: Jun. 03, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-5507

    A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cros... Read more

    Affected Products : a3002ru_firmware a3002ru
    • Published: Jun. 03, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-45854

    /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.... Read more

    Affected Products : jehc-bpm
    • Published: Jun. 03, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-44148

    Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component... Read more

    Affected Products : mailenable
    • Published: Jun. 03, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-25022

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2025-25021

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-25020

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291618 Results