Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-4733

    A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4732

    A vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6ad... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-47809

    Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be ... Read more

    Affected Products : codemeter
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-51475

    IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more

    Affected Products : content_navigator
    • Published: May. 16, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-4731

    A vulnerability classified as critical has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_typ... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-4730

    A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation ... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-4729

    A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. Th... Read more

    • Published: May. 16, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-47930

    Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel... Read more

    Affected Products : zulip zulip_server
    • Published: May. 16, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4728

    A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. It is possible to la... Read more

    Affected Products : best_online_news_portal
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-4727

    A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular exp... Read more

    Affected Products : meteor
    • Published: May. 15, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-4726

    A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation of the argument ID leads to sql injection. The attack can be... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-0921

    Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versio... Read more

    Affected Products : mc_works64
    • Published: May. 15, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4725

    A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate ... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4724

    A vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown functionality of the file /student_profile.php. The manipulation of the argument ID leads to sql inje... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4723

    A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /all_student.php. The manipulation of the argument delete leads to sql injection. The ... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4722

    A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profile.php. The manipulation of the argument Name leads to sql injection. It is possible to launch th... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-47287

    Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to gene... Read more

    Affected Products : tornado
    • Published: May. 15, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-47275

    Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can... Read more

    Affected Products : auth0
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-4721

    A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /drive.php. The manipulation of the argument ID leads to sql injection. The attack may be init... Read more

    Affected Products : placement_management_system
    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-4720

    A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path trav... Read more

    • Published: May. 15, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293611 Results