Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-35060

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.... Read more

    Affected Products : otfcc
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 7.1

    HIGH
    CVE-2022-2995

    Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set... Read more

    Affected Products : cri-o
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-28321

    The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such con... Read more

    Affected Products : linux-pam tumbleweed
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 7.5

    HIGH
    CVE-2022-28204

    A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.... Read more

    Affected Products : mediawiki
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 4.0

    MEDIUM
    CVE-2024-36795

    Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 06, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-4756

    The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for... Read more

    Affected Products : wp_backpack
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2024-36787

    An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.1

    HIGH
    CVE-2024-36789

    An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2024-36790

    Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.2

    HIGH
    CVE-2024-36792

    An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2024-37630

    D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root.... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Jun. 13, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-40392

    SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php.... Read more

    • Published: Jul. 16, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2024-41602

    Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL... Read more

    Affected Products : spina
    • Published: Jul. 19, 2024
    • Modified: May. 29, 2025

  • 9.6

    CRITICAL
    CVE-2024-41603

    Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout.... Read more

    Affected Products : spina
    • Published: Jul. 19, 2024
    • Modified: May. 29, 2025

  • 8.6

    HIGH
    CVE-2024-6420

    The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.... Read more

    Affected Products : hide_my_wp_ghost
    • Published: Jul. 23, 2024
    • Modified: May. 29, 2025

  • 4.3

    MEDIUM
    CVE-2024-8437

    The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4... Read more

    Affected Products : wp_easy_gallery
    • Published: Sep. 25, 2024
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2024-50690

    SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2024-50692

    SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the rea... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-50694

    In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-50695

    SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292769 Results