Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-3549

    A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. T... Read more

    Affected Products : assimp
    • Published: Apr. 14, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-3548

    A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to... Read more

    Affected Products : assimp
    • Published: Apr. 14, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-3547

    A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. This vulnerability affects unknown code of the file /get_work_dir_files. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The... Read more

    Affected Products :
    • Published: Apr. 14, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-3546

    A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/w... Read more

    Affected Products :
    • Published: Apr. 14, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-3545

    A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of... Read more

    Affected Products :
    • Published: Apr. 14, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-3544

    A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb... Read more

    Affected Products :
    • Published: Apr. 14, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-3543

    A vulnerability has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014 and classified as critical. This vulnerability affects the function FCGI_WizardProtoProcess of the file /api/wizard/setsyncpppoecfg of the compone... Read more

    Affected Products :
    • Published: Apr. 14, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-3542

    A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handle... Read more

    Affected Products :
    • Published: Apr. 14, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-3541

    A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGI_WizardProtoProcess of the file /api/wizard/getSpecs of the compone... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-3540

    A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this vulnerability is the function FCGI_WizardProtoProcess of the file /api/wizard/getCapability of the component H... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-3539

    A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the co... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-3445

    A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing t... Read more

    Affected Products : archiver
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-3538

    A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. ... Read more

    Affected Products : di-8100_firmware di-8100
    • Published: Apr. 13, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2024-56406

    A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator,... Read more

    Affected Products : perl
    • Published: Apr. 13, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-3537

    A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is ... Read more

    Affected Products : employee_management_system
    • Published: Apr. 13, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-3536

    A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper author... Read more

    Affected Products : employee_management_system
    • Published: Apr. 13, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-3423

    IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc... Read more

    Affected Products : linux_kernel aspera_faspex
    • Published: Apr. 13, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3535

    A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file BurpApiFinder.db. The manipulation leads to denial of service. The attack can be launc... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-3534

    A vulnerability, which was classified as critical, was found in PowerCreator CMS 1.0. Affected is an unknown function of the file /OpenPublicCourse.aspx. The manipulation of the argument cid leads to sql injection. It is possible to launch the attack remo... Read more

    Affected Products :
    • Published: Apr. 13, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-3533

    A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross s... Read more

    Affected Products : youdiancms
    • Published: Apr. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293542 Results