Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.6

    MEDIUM
    CVE-2024-13297

    Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X-* before 7.X-1.15.... Read more

    Affected Products : eloqua
    • Published: Jan. 09, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2024-13296

    Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1.... Read more

    Affected Products : mailjet
    • Published: Jan. 09, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-9297

    A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated rem... Read more

    Affected Products : i22_firmware i22
    • Published: Aug. 21, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4846

    A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MPUT Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The ex... Read more

    • Published: May. 18, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2012-10023

    A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The fla... Read more

    Affected Products : freefloat_ftp_server
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2012-10030

    FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, an... Read more

    Affected Products : freefloat_ftp_server
    • Published: Aug. 05, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-55564

    Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Aug. 21, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-25007

    Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-25006

    Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-53783

    Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-33051

    Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-55613

    Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter.... Read more

    Affected Products : o3 o3_firmware
    • Published: Aug. 22, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-8191

    A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site ... Read more

    Affected Products : mall
    • Published: Jul. 26, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8343

    A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the ... Read more

    Affected Products : shio
    • Published: Jul. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-27286

    Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, ... Read more

    Affected Products : zulip zulip_server
    • Published: Mar. 20, 2024
    • Modified: Sep. 03, 2025

  • 8.8

    HIGH
    CVE-2020-24363

    TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrati... Read more

    Affected Products : tl-wa855re_firmware tl-wa855re
    • Actively Exploited
    • Published: Aug. 31, 2020
    • Modified: Sep. 03, 2025

  • 9.8

    CRITICAL
    CVE-2025-8344

    A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument file... Read more

    Affected Products : shio
    • Published: Jul. 31, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-37744

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_pci_remove() Kmemleak reported this error: unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (a... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-54792

    LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discover... Read more

    Affected Products : localsend
    • Published: Aug. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-55177

    Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from... Read more

    Affected Products : whatsapp whatsapp_business
    • Actively Exploited
    • Published: Aug. 29, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization
Showing 20 of 292795 Results