Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-48128

    An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-48126

    An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2023-38323

    An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.... Read more

    Affected Products : opennds
    • Published: Jan. 26, 2024
    • Modified: May. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-38527

    UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.... Read more

    Affected Products : ucms
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-38509

    Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.... Read more

    Affected Products : wedding_planner
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2022-38351

    A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.... Read more

    Affected Products : biostar_2
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-35060

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.... Read more

    Affected Products : otfcc
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 7.1

    HIGH
    CVE-2022-2995

    Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set... Read more

    Affected Products : cri-o
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-28321

    The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such con... Read more

    Affected Products : linux-pam tumbleweed
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 7.5

    HIGH
    CVE-2022-28204

    A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.... Read more

    Affected Products : mediawiki
    • Published: Sep. 19, 2022
    • Modified: May. 29, 2025

  • 4.0

    MEDIUM
    CVE-2024-36795

    Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 06, 2024
    • Modified: May. 29, 2025

  • 5.4

    MEDIUM
    CVE-2024-4756

    The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for... Read more

    Affected Products : wp_backpack
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2024-36787

    An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.1

    HIGH
    CVE-2024-36789

    An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2024-36790

    Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.2

    HIGH
    CVE-2024-36792

    An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin.... Read more

    Affected Products : wnr614_firmware wnr614
    • Published: Jun. 07, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2024-37630

    D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root.... Read more

    Affected Products : dir-605l_firmware dir-605l
    • Published: Jun. 13, 2024
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-40392

    SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php.... Read more

    • Published: Jul. 16, 2024
    • Modified: May. 29, 2025

  • 8.8

    HIGH
    CVE-2024-41602

    Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL... Read more

    Affected Products : spina
    • Published: Jul. 19, 2024
    • Modified: May. 29, 2025

  • 9.6

    CRITICAL
    CVE-2024-41603

    Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout.... Read more

    Affected Products : spina
    • Published: Jul. 19, 2024
    • Modified: May. 29, 2025
Showing 20 of 292795 Results