Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2025-5455

    An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" pa... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-5438

    A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. T... Read more

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-5437

    A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is po... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-5436

    A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi. The manipulation leads to information disclosure. The attack may be initiated remot... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-5435

    A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The ex... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-5113

    The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used.... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0358

    During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.... Read more

    Affected Products : axis_os
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-0325

    A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.... Read more

    Affected Products : axis_os
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Denial of Service

  • 9.4

    CRITICAL
    CVE-2025-0324

    The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.... Read more

    Affected Products : axis_os
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-5434

    A vulnerability was found in Aem Solutions CMS up to 1.0. It has been classified as critical. This affects an unknown part of the file /page.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. T... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-5433

    A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection... Read more

    Affected Products : feng_office
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-4010

    The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attack... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-1235

    A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.... Read more

    Affected Products :
    • Published: Jun. 02, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-5432

    A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the argument ID leads to sql injection. The attack can be launched... Read more

    Affected Products : assamlook_cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5431

    A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotel... Read more

    Affected Products : assamlook_cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2025-3951

    The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress config... Read more

    Affected Products : wp-optimize
    • Published: Jun. 02, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-1485

    The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform S... Read more

    Affected Products : wordpress_real_cookie_banner
    • Published: Jun. 02, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5430

    A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. ... Read more

    Affected Products : assamlook_cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-5429

    A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be ... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-49113

    Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.... Read more

    Affected Products : webmail roundcube
    • Published: Jun. 02, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication
Showing 20 of 291867 Results