Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    CVSS31
    CVE-2025-4453

    A vulnerability was found in D-Link DIR-619L 2.04B04. It has been classified as critical. This affects the function formSysCmd. The manipulation of the argument sysCmd leads to command injection. It is possible to initiate the attack remotely. The vendor ... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 6.1

    CVSS31
    CVE-2025-4434

    The Remote Images Grabber plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to in... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 9.8

    CVSS31
    CVE-2025-3811

    The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email throug... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 9.8

    CVSS31
    CVE-2025-3810

    The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 8.8

    CVSS31
    CVE-2025-4452

    A vulnerability was found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this issue is the function formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The vendor was ... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 8.8

    CVSS31
    CVE-2025-4451

    A vulnerability has been found in D-Link DIR-619L 2.04B04 and classified as critical. Affected by this vulnerability is the function formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotel... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 8.8

    CVSS31
    CVE-2025-4450

    A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.04B04. Affected is the function formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The vend... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 8.8

    CVSS31
    CVE-2025-4449

    A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.04B04. This issue affects the function formEasySetupWizard3. The manipulation of the argument wan_connected leads to buffer overflow. The attack may be initiated remote... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 8.8

    CVSS31
    CVE-2025-4448

    A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor w... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 8.0

    CVSS31
    CVE-2025-4446

    A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack needs... Read more

    Affected Products :
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 6.3

    CVSS31
    CVE-2025-4445

    A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted... Read more

    Affected Products : dir-605l_firmware
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 6.3

    CVSS31
    CVE-2025-4443

    A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was conta... Read more

    Affected Products : dir-605l_firmware
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 8.8

    CVSS31
    CVE-2025-4442

    A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. T... Read more

    Affected Products : dir-605l_firmware
    • Published: May. 09, 2025
    • Modified: May. 09, 2025

  • 8.8

    CVSS31
    CVE-2025-4441

    A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. Th... Read more

    Affected Products : dir-605l_firmware
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 8.0

    CVSS31
    CVE-2025-4440

    A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Affected by this issue is the function EnableIpv6 of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. Access to the local networ... Read more

    Affected Products : gr-1800ax_firmware
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 9.1

    CVSS31
    CVE-2025-47733

    Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network... Read more

    Affected Products : power_apps
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 8.7

    CVSS31
    CVE-2025-47732

    Microsoft Dataverse Remote Code Execution Vulnerability... Read more

    Affected Products : dataverse
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 8.1

    CVSS31
    CVE-2025-33072

    Improper access control in Azure allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 6.2

    CVSS31
    CVE-2025-31946

    Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025

  • 9.9

    CVSS31
    CVE-2025-29972

    Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.... Read more

    Affected Products :
    • Published: May. 08, 2025
    • Modified: May. 08, 2025
Showing 20 of 462 Results
© cvefeed.io
Latest DB Update: May. 09, 2025 12:35