Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-45797

    TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.... Read more

    Affected Products : a950rg_firmware a950rg
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45790

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45789

    TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45788

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45787

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-44023

    An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the account_mgr.cgi->cgi_chg_admin_pw components.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-28073

    phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized.... Read more

    Affected Products : phplist
    • Published: May. 08, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-9448

    On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be drop... Read more

    Affected Products : eos
    • Published: May. 08, 2025
    • Modified: May. 12, 2025

  • 4.9

    MEDIUM
    CVE-2025-27695

    Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.... Read more

    Affected Products : wyse_management_suite
    • Published: May. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-0505

    On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state... Read more

    Affected Products : cloudvision_portal
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2024-8100

    On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-12378

    On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.... Read more

    Affected Products : cloudvision_portal
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2024-11186

    On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-pre... Read more

    Affected Products : cloudvision_portal
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-4098

    Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape.... Read more

    Affected Products : cscape
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-30102

    Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.... Read more

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-30101

    Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service a... Read more

    Affected Products : powerscale_onefs powerscale_onefs
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-1948

    In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to alloca... Read more

    Affected Products : jetty
    • Published: May. 08, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2024-13009

    In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.... Read more

    Affected Products : jetty
    • Published: May. 08, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption

  • 2.8

    LOW
    CVE-2025-44021

    OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conduc... Read more

    Affected Products : ironic
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-26847

    An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.... Read more

    Affected Products : znuny
    • Published: May. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293681 Results