Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2025-28019

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28018

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-28017

    TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-1522

    PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnera... Read more

    Affected Products : posthog
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.1

    HIGH
    CVE-2025-1521

    PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this ... Read more

    Affected Products : posthog
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.0

    HIGH
    CVE-2025-1520

    PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerabi... Read more

    Affected Products : posthog
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-1050

    Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The s... Read more

    Affected Products : s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-1049

    Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : s1 s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-1048

    Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit... Read more

    Affected Products : s1 s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1047

    Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit ... Read more

    Affected Products : keyshot
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1046

    Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerabilit... Read more

    Affected Products : keyshot
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1045

    Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to... Read more

    Affected Products : keyshot keyshot_viewer
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 3.2

    LOW
    CVE-2025-46394

    In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.... Read more

    Affected Products : busybox
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-45429

    In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-32969

    XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQ... Read more

    Affected Products : xwiki
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-32968

    XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrar... Read more

    Affected Products : xwiki
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-32966

    DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8.... Read more

    Affected Products : dataease
    • Published: Apr. 23, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-21605

    Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Re... Read more

    Affected Products : debian_linux redis valkey
    • Published: Apr. 23, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-47829

    pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the ... Read more

    Affected Products : pnpm
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 2.9

    LOW
    CVE-2025-46393

    In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).... Read more

    Affected Products : imagemagick
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293608 Results