Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-46345

    Auth0 Account Link Extension is an extension aimed to help link accounts easily. Versions 2.3.4 to 2.6.6 do not verify the signature of the provided JWT. This allows the user the ability to supply a forged token and the potential to access user informatio... Read more

    Affected Products :
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-46337

    ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using A... Read more

    Affected Products : adodb
    • Published: May. 01, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44867

    Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : w20e_firmware w20e
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44866

    Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : w20e_firmware w20e
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44865

    Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : w20e_firmware w20e
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44864

    Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : w20e_firmware w20e
    • Published: May. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44863

    TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: May. 01, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44862

    TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: May. 01, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44861

    TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: May. 01, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44860

    TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: May. 01, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-32890

    An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the messa... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-32889

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-32888

    An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cryptography

  • 7.1

    HIGH
    CVE-2025-32887

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-32886

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-32885

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-32884

    An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-32882

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the me... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-32881

    An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The... Read more

    Affected Products : gotenna mesh_firmware mesh
    • Published: May. 01, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-4173

    A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_cart. The manipulation of the argument ID leads to sql inj... Read more

    Affected Products : online_eyewear_shop
    • Published: May. 01, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Injection
Showing 20 of 294319 Results