Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    CVSS31
    CVE-2025-6151

    A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer overflow. ... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025

  • 8.8

    CVSS31
    CVE-2025-6150

    A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument ... Read more

    Affected Products : x15_firmware
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025

  • 8.8

    CVSS31
    CVE-2025-6149

    A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to ... Read more

    Affected Products : a3002r_firmware
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025

  • 8.8

    CVSS31
    CVE-2025-6148

    A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submi... Read more

    Affected Products : a3002ru_firmware
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025

  • 8.8

    CVSS31
    CVE-2025-6147

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-... Read more

    Affected Products : a702r_firmware
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025

  • 0.0

    NONE
    CVE-2025-48993

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Forma... Read more

    Affected Products : group_office
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025

  • 0.0

    NONE
    CVE-2025-48992

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can ch... Read more

    Affected Products : group_office
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025

  • 0.0

    NONE
    CVE-2025-3464

    A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advis... Read more

    Affected Products : armoury_crate
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025

  • 0.0

    NONE
    CVE-2025-43200

    This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, ma... Read more

    Affected Products : macos iphone_os watchos ipados visionos
    • Actively Exploited
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025

  • 8.8

    CVSS31
    CVE-2025-6146

    A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads t... Read more

    Affected Products : x15_firmware
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025

  • 8.8

    CVSS31
    CVE-2025-6145

    A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argume... Read more

    Affected Products : ex1200t_firmware
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025

  • 8.8

    CVSS31
    CVE-2025-6144

    A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of... Read more

    Affected Products : ex1200t_firmware
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025

  • 8.8

    CVSS31
    CVE-2025-6143

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url le... Read more

    Affected Products : ex1200t_firmware
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025

  • 6.3

    CVSS31
    CVE-2025-6142

    A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The attack can be la... Read more

    Affected Products :
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025

  • 3.3

    CVSS31
    CVE-2025-6141

    A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack ... Read more

    Affected Products : ncurses
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025

  • 3.3

    CVSS31
    CVE-2025-6140

    A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch... Read more

    Affected Products :
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025

  • 0.0

    NONE
    CVE-2025-27587

    OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the... Read more

    Affected Products :
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025

  • 3.9

    CVSS31
    CVE-2025-6139

    A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can on... Read more

    Affected Products : t10_firmware
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025

  • 8.8

    CVSS31
    CVE-2025-6138

    A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g... Read more

    Affected Products : t10_firmware
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025

  • 0.0

    NONE
    CVE-2025-49134

    Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched i... Read more

    Affected Products : weblate
    • Published: Jun. 16, 2025
    • Modified: Jun. 16, 2025
Showing 20 of 136 Results
© cvefeed.io
Latest DB Update: Jun. 17, 2025 7:19