Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-32756

    A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through ... Read more

    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-50578

    LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and ... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-36014

    IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory.... Read more

    • Published: Jul. 07, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-36401

    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially craf... Read more

    Affected Products : geoserver geotools geoserver
    • Actively Exploited
    • Published: Jul. 01, 2024
    • Modified: Aug. 25, 2025

  • 7.5

    HIGH
    CVE-2025-29361

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: Mar. 13, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-29362

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: Mar. 13, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-29363

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pack... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: Mar. 13, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-4357

    A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit ... Read more

    Affected Products : rx3_firmware rx3 rx3_firmware rx3
    • Published: May. 06, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-49663

    Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Jul. 08, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-2743

    A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manip... Read more

    Affected Products : ruoyi-vue-pro ruoyi-vue-pro
    • Published: Mar. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-2708

    A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File Upload Interface. The manipulation of the argument path ... Read more

    Affected Products : ruoyi-vue-pro ruoyi-vue-pro
    • Published: Mar. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-21354

    Microsoft Excel Remote Code Execution Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Aug. 25, 2025

  • 7.8

    HIGH
    CVE-2024-9675

    A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write)... Read more

    • Published: Oct. 09, 2024
    • Modified: Aug. 25, 2025

  • 5.9

    MEDIUM
    CVE-2023-45802

    When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keepi... Read more

    Affected Products : fedora debian_linux http_server
    • EPSS Score: %2.08
    • Published: Oct. 23, 2023
    • Modified: Aug. 25, 2025

  • 5.9

    MEDIUM
    CVE-2024-2403

    Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual f... Read more

    Affected Products : windows remote_desktop_manager
    • Published: Mar. 13, 2024
    • Modified: Aug. 25, 2025

  • 6.0

    MEDIUM
    CVE-2025-21188

    Azure Network Watcher VM Extension Elevation of Privilege Vulnerability... Read more

    • Published: Feb. 11, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-47536

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixe... Read more

    Affected Products : citizen
    • Published: Sep. 30, 2024
    • Modified: Aug. 25, 2025

  • 7.0

    HIGH
    CVE-2025-9309

    A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high... Read more

    Affected Products : ac10_firmware ac10
    • Published: Aug. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-9299

    A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer over... Read more

    Affected Products : m3_firmware m3
    • Published: Aug. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-9298

    A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The expl... Read more

    Affected Products : m3_firmware m3
    • Published: Aug. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291617 Results