Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-9745

    A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attac... Read more

    Affected Products : di-500wf_firmware di-500wf
    • Published: Aug. 31, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-9747

    A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The explo... Read more

    Affected Products : koillection
    • Published: Aug. 31, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-9748

    A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The at... Read more

    Affected Products : ch22_firmware ch22
    • Published: Aug. 31, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-9760

    A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/Api/aluno of the component Matricula API. Executing manipulation can lead to improper authorization. It is possible to launch the attack rem... Read more

    Affected Products : i-educar
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-9768

    A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely.... Read more

    Affected Products : sports_management_system
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 6.2

    MEDIUM
    CVE-2025-9769

    A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on t... Read more

    Affected Products : di-7400g\+_firmware di-7400g\+
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 3.6

    LOW
    CVE-2024-50610

    GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.... Read more

    Affected Products : gnu_scientific_library
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025

  • 9.8

    CRITICAL
    CVE-2025-9770

    A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql inject... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-9779

    A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch th... Read more

    Affected Products : a702r_firmware a702r
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-9780

    A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. The attack can be initiated remotely. The exploit ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-9781

    A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploi... Read more

    Affected Products : a702r_firmware a702r
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-50614

    TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.... Read more

    Affected Products : tinyxml2
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025

  • 9.0

    HIGH
    CVE-2025-9782

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Sep. 01, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-50615

    TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.... Read more

    Affected Products : tinyxml2
    • Published: Oct. 27, 2024
    • Modified: Sep. 04, 2025

  • 5.3

    MEDIUM
    CVE-2024-46989

    spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned w... Read more

    Affected Products : spicedb
    • Published: Sep. 18, 2024
    • Modified: Sep. 04, 2025

  • 5.5

    MEDIUM
    CVE-2024-49728

    In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed ... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-49730

    In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-22416

    In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-22417

    In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-22418

    In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization
Showing 20 of 293182 Results