Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2025-22851

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow....

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption
  • 3.3

    LOW
    CVE-2025-22842

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read....

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service
  • 3.3

    LOW
    CVE-2025-22452

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read....

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service
  • 3.3

    LOW
    CVE-2025-20102

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read....

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-3330

    A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. This vulnerability affects unknown code of the file /reservation_save.php. The manipulation of the argument first leads to sql injection. The attack ...

    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
  • 3.1

    LOW
    CVE-2025-3329

    A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmi...

    Affected Products : comanda_mobile
    • Published: Apr. 07, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cryptography
  • 9.0

    HIGH
    CVE-2025-3328

    A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overfl...

    Affected Products : ac1206_firmware ac1206
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2025-3327

    A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripti...

    Affected Products : iboot
    • Published: Apr. 07, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.1

    MEDIUM
    CVE-2025-3326

    A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. ...

    Affected Products : iboot
    • Published: Apr. 07, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2025-3325

    A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access cont...

    Affected Products : iboot
    • Published: Apr. 06, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-3324

    A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted ...

    Affected Products : nimrod
    • Published: Apr. 06, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-3323

    A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is the function searchAllByName of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to sql inje...

    Affected Products : nimrod
    • Published: Apr. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2025-32013

    LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callb...

    Affected Products : lnbits
    • Published: Apr. 06, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Server-Side Request Forgery
  • 8.2

    HIGH
    CVE-2025-31492

    mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protect...

    Affected Products : mod_auth_openidc
    • Published: Apr. 06, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Information Disclosure
  • 4.9

    MEDIUM
    CVE-2025-31488

    Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a ...

    Affected Products :
    • Published: Apr. 06, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-2260

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 ...

    Affected Products : threadx_netx_duo
    • Published: Apr. 06, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-2259

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one pack...

    Affected Products : threadx_netx_duo
    • Published: Apr. 06, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-2258

    In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Leng...

    Affected Products : threadx_netx_duo
    • Published: Apr. 06, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2025-3318

    A vulnerability classified as critical was found in Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of ...

    • Published: Apr. 06, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2025-3317

    A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipulation of the ar...

    Affected Products :
    • Published: Apr. 06, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Path Traversal