Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2025-28028

    TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter.... Read more

    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28025

    TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.... Read more

    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28022

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28021

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28020

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28019

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28018

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-28017

    TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-1522

    PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnera... Read more

    Affected Products : posthog
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.1

    HIGH
    CVE-2025-1521

    PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this ... Read more

    Affected Products : posthog
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.0

    HIGH
    CVE-2025-1520

    PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerabi... Read more

    Affected Products : posthog
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-1050

    Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The s... Read more

    Affected Products : s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-1049

    Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : s1 s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-1048

    Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit... Read more

    Affected Products : s1 s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1047

    Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit ... Read more

    Affected Products : keyshot
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1046

    Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerabilit... Read more

    Affected Products : keyshot
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1045

    Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to... Read more

    Affected Products : keyshot keyshot_viewer
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 3.2

    LOW
    CVE-2025-46394

    In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.... Read more

    Affected Products : busybox
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-45429

    In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-32969

    XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQ... Read more

    Affected Products : xwiki
    • Published: Apr. 23, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Injection
Showing 20 of 293613 Results