Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2025-46400

    In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Denial of Service

  • 4.7

    MEDIUM
    CVE-2025-46399

    A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 4.7

    MEDIUM
    CVE-2025-46398

    In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2025-46397

    In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function.... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-32818

    A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.... Read more

    Affected Products : sonicos
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-28169

    BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to cend broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack.... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cryptography

  • 2.5

    LOW
    CVE-2024-58251

    In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.... Read more

    Affected Products : busybox
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-3907

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9.... Read more

    Affected Products : search_api_solr
    • Published: Apr. 23, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.3

    HIGH
    CVE-2025-3904

    Vulnerability in Drupal Sportsleague.This issue affects Sportsleague: *.*.... Read more

    Affected Products : sportsleague
    • Published: Apr. 23, 2025
    • Modified: Sep. 02, 2025

  • 7.3

    HIGH
    CVE-2025-3903

    Vulnerability in Drupal UEditor - 百度编辑器.This issue affects UEditor - 百度编辑器: *.*.... Read more

    Affected Products : ueditor
    • Published: Apr. 23, 2025
    • Modified: Sep. 02, 2025

  • 6.1

    MEDIUM
    CVE-2025-3902

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1.... Read more

    Affected Products : block_class
    • Published: Apr. 23, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3901

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4.... Read more

    • Published: Apr. 23, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-3900

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.... Read more

    Affected Products : colorbox
    • Published: Apr. 23, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-2773

    BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication ... Read more

    Affected Products : router_firmware
    • Published: Apr. 23, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-2772

    BEC Technologies Multiple Routers Insufficiently Protected Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BEC Technologies routers. Auth... Read more

    Affected Products : router_firmware
    • Published: Apr. 23, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-2771

    BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability.... Read more

    Affected Products : router_firmware
    • Published: Apr. 23, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-2770

    BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is requir... Read more

    Affected Products : router_firmware
    • Published: Apr. 23, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-2769

    Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute ... Read more

    Affected Products : netdrive
    • Published: Apr. 23, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-2768

    Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute ... Read more

    Affected Products : netdrive
    • Published: Apr. 23, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2025-2767

    Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit t... Read more

    Affected Products : ng_firewall
    • Published: Apr. 23, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293620 Results