Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-5417

    An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, ca... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-7496

    The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for aut... Read more

    Affected Products : wpc_smart_compare_for_woocommerce
    • Published: Aug. 19, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-54862

    Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.... Read more

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-54759

    Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.... Read more

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-54156

    The Sante PACS Server Web Portal sends credential information without encryption.... Read more

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-53948

    The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.... Read more

    Affected Products : sante_pacs_server
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Denial of Service

  • 8.4

    HIGH
    CVE-2025-52584

    In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to a heap-based buffer overflow. An attacker co... Read more

    Affected Products : cobalt xenon argon lithium
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-46269

    In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This could lead to a heap-based buffer overflow. An attacker c... Read more

    Affected Products : cobalt xenon argon lithium
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-9119

    A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cros... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-53705

    In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This could lead to an out-of-bounds write. An attacker could le... Read more

    Affected Products : cobalt xenon argon lithium
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-41392

    In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could lev... Read more

    Affected Products : cobalt xenon argon lithium
    • Published: Aug. 18, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-8098

    An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.... Read more

    Affected Products : pc_manager
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-55591

    TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-55590

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-55589

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-55588

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-55587

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-55586

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-55585

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-55584

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication
Showing 20 of 291890 Results