Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-28056

    rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component.... Read more

    Affected Products : rebuild
    • Published: May. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-28055

    upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit... Read more

    Affected Products : upset-gal-web
    • Published: May. 13, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-22462

    An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.... Read more

    Affected Products : neurons_for_itsm
    • Published: May. 13, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-56526

    An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.... Read more

    Affected Products : eshop
    • Published: May. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2024-48766

    NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.... Read more

    Affected Products : netalertx *
    • Published: May. 13, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Path Traversal

  • 10.0

    CRITICAL
    CVE-2024-46506

    NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.... Read more

    Affected Products : netalertx *
    • Published: May. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-45867

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-45866

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-45864

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-45859

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-44831

    EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.... Read more

    Affected Products : engineercms
    • Published: May. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-44039

    CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing in... Read more

    Affected Products : cp-xr-de21-s_firmware cp-xr-de21-s
    • Published: May. 13, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-32756

    A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through ... Read more

    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-30159

    Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()` method with a dynamic snippet name (such as a snippet name ... Read more

    Affected Products : kirby
    • Published: May. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-28057

    owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order.... Read more

    Affected Products : owl_admin
    • Published: May. 13, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-22859

    A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.... Read more

    Affected Products : forticlientems forticlientems_cloud
    • Published: May. 13, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-22460

    Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 2.5

    LOW
    CVE-2024-35281

    An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to ... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 3.3

    LOW
    CVE-2024-12533

    Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 be... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-42446

    APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.... Read more

    Affected Products : aptio_v
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Race Condition
Showing 20 of 293659 Results