Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-4859

    A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC Bypass Settings Page. The manipulation of the argumen... Read more

    Affected Products : dap-2695_firmware dap-2695
    • Published: May. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-0810

    Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2024-0804

    Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: May. 22, 2025

  • 8.8

    HIGH
    CVE-2024-0755

    Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera... Read more

    • Published: Jan. 23, 2024
    • Modified: May. 22, 2025

  • 6.5

    MEDIUM
    CVE-2024-0754

    Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.... Read more

    Affected Products : firefox
    • Published: Jan. 23, 2024
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-0749

    A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.... Read more

    • Published: Jan. 23, 2024
    • Modified: May. 22, 2025

  • 6.5

    MEDIUM
    CVE-2024-0747

    When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.... Read more

    • Published: Jan. 23, 2024
    • Modified: May. 22, 2025

  • 8.8

    HIGH
    CVE-2024-0517

    Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 16, 2024
    • Modified: May. 22, 2025

  • 6.1

    MEDIUM
    CVE-2024-0187

    The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users... Read more

    Affected Products : peepso
    • Published: Jan. 16, 2024
    • Modified: May. 22, 2025

  • 4.8

    MEDIUM
    CVE-2023-5124

    The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site Wor... Read more

    Affected Products : pagelayer
    • Published: Jan. 29, 2024
    • Modified: May. 22, 2025

  • 7.0

    HIGH
    CVE-2023-5091

    Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0.... Read more

    Affected Products : valhall_gpu_kernel_driver
    • Published: Jan. 08, 2024
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2023-48085

    Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.... Read more

    Affected Products : nagios_xi
    • Published: Dec. 14, 2023
    • Modified: May. 22, 2025

  • 6.1

    MEDIUM
    CVE-2023-46750

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+. ... Read more

    Affected Products : shiro
    • Published: Dec. 14, 2023
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2023-41151

    An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on writing.... Read more

    • Published: Dec. 14, 2023
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-40103

    Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.... Read more

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2022-40102

    Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.... Read more

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2022-40101

    Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.... Read more

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-40100

    Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function.... Read more

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2022-35247

    A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-32823

    A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak se... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
Showing 20 of 292764 Results