Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4448

    A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor w... Read more

    Affected Products : dir-619l_firmware dir-619l
    • Published: May. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-4446

    A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack needs... Read more

    Affected Products : gr-5400ax_firmware
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4445

    A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: May. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4443

    A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was conta... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: May. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4442

    A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. T... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: May. 09, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4441

    A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. Th... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: May. 08, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-4440

    A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Affected by this issue is the function EnableIpv6 of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. Access to the local networ... Read more

    Affected Products : gr-1800ax_firmware
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-47733

    Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network... Read more

    Affected Products : power_apps
    • Published: May. 08, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-47732

    Microsoft Dataverse Remote Code Execution Vulnerability... Read more

    Affected Products : dataverse
    • Published: May. 08, 2025
    • Modified: May. 21, 2025

  • 8.1

    HIGH
    CVE-2025-33072

    Improper access control in Azure allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: May. 08, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-31946

    Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2025-29972

    Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.... Read more

    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.9

    CRITICAL
    CVE-2025-29827

    Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_automation
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-29813

    [Spoofable identity claims] Authentication Bypass by Assumed-Immutable Data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_devops
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-27720

    The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-27578

    Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1331

    IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.... Read more

    Affected Products : linux_kernel cics_tx
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1330

    IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1  could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.... Read more

    Affected Products : linux_kernel cics_tx
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1329

    IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.... Read more

    Affected Products : linux_kernel cics_tx
    • Published: May. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-28074

    phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, all... Read more

    Affected Products : phplist
    • Published: May. 08, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293947 Results