Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-55591

    TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-55590

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-55589

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-55588

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-55587

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-55586

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-55585

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-55584

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-55213

    OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to impr... Read more

    Affected Products : openfga
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-53192

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue​, the OGNL engine parses and evaluate... Read more

    Affected Products : commons_ognl
    • Published: Aug. 18, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-4371

    A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-32992

    Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control.... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-43731

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 202... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-7693

    A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing. The controller enters a solid red Fault LED state and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS ... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2025-55300

    Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijackin... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2025-55299

    VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with ... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-55296

    librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaS... Read more

    Affected Products : librenms
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-55293

    Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if (p.public_key.size > 0) {', clearing the existing ... Read more

    Affected Products : meshtastic_firmware
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-55291

    Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the </title> tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) ... Read more

    Affected Products : shaarli
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-55288

    Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, lea... Read more

    Affected Products :
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291898 Results