Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-3698

    Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.... Read more

    Affected Products : carlcare carlcare
    • Published: Apr. 16, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-3665

    A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The att... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-3664

    A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to lau... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Apr. 16, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-3663

    A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipula... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Apr. 16, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-3495

    Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.... Read more

    Affected Products : commgr
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cryptography

  • 6.4

    MEDIUM
    CVE-2025-2314

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient i... Read more

    Affected Products : profile_builder
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13452

    The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthen... Read more

    Affected Products : contact_form
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.7

    MEDIUM
    CVE-2025-30100

    Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.... Read more

    Affected Products : alienware_command_center
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32385

    EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the ... Read more

    Affected Products : espocrm
    • Published: Apr. 16, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2025-30215

    NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in th... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authorization

  • 2.6

    LOW
    CVE-2025-32435

    Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-32388

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a... Read more

    Affected Products : sveltekit
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.6

    MEDIUM
    CVE-2025-25458

    Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-25453

    Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.... Read more

    Affected Products : ac10_firmware ac10
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-22911

    RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function.... Read more

    Affected Products : re11s_firmware re11s
    • Published: Apr. 15, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-32923

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. This issue affects Tourmaster: from n/a through n/a.... Read more

    Affected Products : tour_master
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-32784

    conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrast... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2025-32782

    Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, an... Read more

    Affected Products : ash_authentication
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-31950

    An unauthenticated attacker can obtain EV charger energy consumption information of other users.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-31945

    An unauthenticated attacker can obtain other users' charger information.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 293510 Results