Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-57471

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57479

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary com... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57482

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute a... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57473

    H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary co... Read more

    Affected Products : n12_firmware n12
    • Published: Jan. 14, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-9636

    The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible... Read more

    Affected Products : comboblocks
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-22968

    An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions... Read more

    Affected Products : dwr-m972v_firmware dwr-m972v
    • Published: Jan. 15, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-5827

    A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql i... Read more

    • EPSS Score: %0.05
    • Published: Oct. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-48126

    HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.... Read more

    Affected Products :
    • Published: Jan. 15, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0486

    A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql injection. The a... Read more

    Affected Products : native-php-cms
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0487

    A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/cat_edit.php. The manipulation of the argument id leads to sql injection. The attack may be... Read more

    Affected Products : native-php-cms
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-0491

    A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the atta... Read more

    Affected Products : native-php-cms
    • Published: Jan. 15, 2025
    • Modified: Feb. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-5822

    The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it poss... Read more

    • EPSS Score: %4.40
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-22905

    RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.... Read more

    Affected Products : re11s_firmware re11s
    • Published: Jan. 16, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-5807

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection.This issue affects Education Portal: before 3.2023.29. ... Read more

    Affected Products : education_portal
    • EPSS Score: %0.06
    • Published: Oct. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-22912

    RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.... Read more

    Affected Products : re11s_firmware re11s
    • Published: Jan. 16, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-22913

    RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function.... Read more

    Affected Products : re11s_firmware re11s
    • Published: Jan. 16, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-10836

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The Widevine Trustlet allows read and write operations on arbitrary memory locations. The Samsung ID is SVE-2019-15873 (February 2020).... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-57580

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-57582

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jan. 16, 2025
    • Modified: Mar. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-23797

    Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 292761 Results