Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-52786

    An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-50645

    MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-57800

    Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to... Read more

    Affected Products : audiobookshelf
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-57771

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If ... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-57770

    The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login in... Read more

    Affected Products : zitadel
    • Published: Aug. 22, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-57105

    The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the ... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-55745

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attacker... Read more

    Affected Products : unopim
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-55637

    Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-55634

    Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to cause a Denial of Service (DoS) via initiating a large number of simultane... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-55631

    Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to manage users' sessions system wide instead of an account-by-account basis, potentially leading to a Denial of Service (DoS) via resource exhausti... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-55630

    A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 when entering the wrong username and password allows attackers to enumerate existing accounts.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-55629

    Insecure permissions in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allow attackers to arbitrarily change other users' passwords via manipulation of the userName value.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-55627

    Insufficient privilege verification in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows authenticated attackers to create accounts with elevated privileges.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-55626

    An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-55625

    An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-55624

    An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components.... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-55623

    An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-55622

    Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience.... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Sep. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-55621

    An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional beh... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-55620

    A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Aug. 28, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292735 Results