Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-2760

    GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the targ... Read more

    Affected Products : gimp
    • Published: Apr. 23, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-29526

    A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload into the SearchTerm parameter.... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-28028

    TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter.... Read more

    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28025

    TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.... Read more

    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28022

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28021

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28020

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28019

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-28018

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-28017

    TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter.... Read more

    Affected Products : a800r_firmware a800r
    • Published: Apr. 23, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-1522

    PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnera... Read more

    Affected Products : posthog
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.1

    HIGH
    CVE-2025-1521

    PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this ... Read more

    Affected Products : posthog
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.0

    HIGH
    CVE-2025-1520

    PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerabi... Read more

    Affected Products : posthog
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-1050

    Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The s... Read more

    Affected Products : s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-1049

    Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : s1 s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-1048

    Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit... Read more

    Affected Products : s1 s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1047

    Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit ... Read more

    Affected Products : keyshot
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1046

    Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerabilit... Read more

    Affected Products : keyshot
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-1045

    Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to... Read more

    Affected Products : keyshot keyshot_viewer
    • Published: Apr. 23, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Memory Corruption

  • 3.2

    LOW
    CVE-2025-46394

    In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.... Read more

    Affected Products : busybox
    • Published: Apr. 23, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293635 Results