Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2024-33452

    An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.... Read more

    Affected Products : lua-nginx-module
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.0

    HIGH
    CVE-2025-29547

    In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of service because of a null pointer dereference from IOCtl 0x96202000.... Read more

    Affected Products : rollback_rx_pro
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-23176

    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Read more

    Affected Products : tcexam
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-1951

    IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.... Read more

    • Published: Apr. 22, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-1950

    IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.... Read more

    • Published: Apr. 22, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-28034

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command executio... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-28033

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnera... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-28032

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the ... Read more

    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2024-46546

    NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : fleta_ax1500_firmware fleta_ax1500
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-40446

    An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script... Read more

    Affected Products : mimetex
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025

  • 7.3

    HIGH
    CVE-2024-40445

    A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths.... Read more

    Affected Products : mimetex
    • Published: Apr. 22, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-23175

    Multiple XSS (CWE-79)... Read more

    Affected Products : tcexam
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-3472

    The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shor... Read more

    Affected Products : ocean_extra
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-3458

    The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more

    Affected Products : ocean_extra
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-3457

    The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes.... Read more

    Affected Products : ocean_extra
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-2092

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators.... Read more

    Affected Products : checkmk checkmk
    • Published: Apr. 22, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-11299

    The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from p... Read more

    Affected Products : memberpress
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-46254

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.10.0.... Read more

    Affected Products : visual_composer_website_builder
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-46253

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.2.2.... Read more

    Affected Products : gutenkit
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-46252

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2.... Read more

    Affected Products : message_filter_for_contact_form_7
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Injection
Showing 20 of 293617 Results