Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-4343

    A vulnerability has been found in D-Link DIR-600L up to 2.07B01 and classified as critical. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. ... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: May. 06, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-25899

    Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more

    • Published: Aug. 18, 2022
    • Modified: Feb. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-36722

    Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title parameter at /librarian/history.php.... Read more

    Affected Products : library_management_system
    • Published: Aug. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-45857

    EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function.... Read more

    Affected Products : cv-7428ns_firmware cv-7428ns
    • Published: May. 13, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-35540

    Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.... Read more

    Affected Products : agileconfig
    • Published: Aug. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36578

    jizhicms v2.3.1 has SQL injection in the background.... Read more

    Affected Products : jizhicms
    • Published: Aug. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-9078

    A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument coursename leads to sql injection. The attack can be in... Read more

    Affected Products : student_record_system
    • Published: Sep. 22, 2024
    • Modified: Sep. 26, 2024

  • 9.8

    CRITICAL
    CVE-2022-36030

    Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new... Read more

    Affected Products : project-nexus
    • Published: Aug. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34916

    Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiti... Read more

    Affected Products : flume
    • Published: Aug. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37175

    Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Aug. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2927

    Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.... Read more

    Affected Products : notrinoserp
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2932

    Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2.... Read more

    Affected Products : mobiledoc_kit
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-45863

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-34919

    The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.... Read more

    Affected Products : contensis
    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-4658

    Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also appl... Read more

    Affected Products : opkssh openpubkey
    • Published: May. 13, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2022-37113

    Bluecms 1.6 has SQL injection in line 132 of admin/area.php... Read more

    Affected Products : bluecms bluecms
    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-47445

    Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.26.... Read more

    Affected Products : eventin
    • Published: May. 14, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-4702

    A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/add-category.php. The manipulation of the argument catename leads to sql injection. It is... Read more

    Affected Products : vehicle_parking_management_system
    • Published: May. 15, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-36511

    H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditApAdvanceInfo.... Read more

    Affected Products : gr-1200w_firmware gr-1200w
    • Published: Aug. 25, 2022
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-36515

    H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function addactionlist.... Read more

    Affected Products : gr-1200w_firmware gr-1200w
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293625 Results