Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-33111

    D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.

    Affected Products : dir-845l_firmware dir-845l
    • Published: May. 06, 2024
    • Modified: May. 21, 2025
  • 7.5

    HIGH
    CVE-2024-33112

    D-Link DIR-845L router v1.01KRb03 and before is vulnerable to command injection via the hnap_main() function.

    Affected Products : dir-845l_firmware dir-845l
    • Published: May. 06, 2024
    • Modified: May. 21, 2025
  • 5.3

    MEDIUM
    CVE-2024-33113

    D-Link DIR-845L <=v1.01KRb03 is vulnerable to information disclosure via bsc_sms_inbox.php.

    Affected Products : dir-845l_firmware dir-845l
    • Published: May. 06, 2024
    • Modified: May. 21, 2025
  • 9.1

    CRITICAL
    CVE-2024-33110

    D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component.

    Affected Products : dir-845l_firmware dir-845l
    • Published: May. 06, 2024
    • Modified: May. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-4925

    A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php. The manipulation of the argument from...

    Affected Products : daily_expense_tracker_system
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2024-33345

    D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input.

    Affected Products : dir-823g_firmware dir-823g
    • Published: Apr. 29, 2024
    • Modified: May. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-33344

    D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.

    • Published: Apr. 26, 2024
    • Modified: May. 21, 2025
  • 8.8

    HIGH
    CVE-2024-33343

    D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.

    • Published: Apr. 26, 2024
    • Modified: May. 21, 2025
  • 7.5

    HIGH
    CVE-2024-33342

    D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.

    • Published: Apr. 26, 2024
    • Modified: May. 21, 2025
  • 7.2

    HIGH
    CVE-2025-4926

    A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrest...

    Affected Products : car_rental_portal
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-4927

    A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate lea...

    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection
  • 7.1

    HIGH
    CVE-2023-49575

    A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_sm...

    Affected Products : vx_search
    • Published: May. 24, 2024
    • Modified: May. 21, 2025
  • 7.1

    HIGH
    CVE-2023-49572

    A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_passwor...

    Affected Products : vx_search
    • Published: May. 24, 2024
    • Modified: May. 21, 2025
  • 7.8

    HIGH
    CVE-2024-7253

    NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileg...

    Affected Products : nomachine
    • Published: Nov. 22, 2024
    • Modified: May. 21, 2025
  • 7.7

    HIGH
    CVE-2024-47939

    Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary c...

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: May. 21, 2025
  • 6.1

    MEDIUM
    CVE-2022-40912

    ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTM...

    Affected Products : etap_safety_manager
    • EPSS Score: 0.11%
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
  • 3.3

    LOW
    CVE-2022-40708

    An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain th...

    • EPSS Score: 0.07%
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
  • 6.1

    MEDIUM
    CVE-2022-3193

    An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages.

    Affected Products : virtualization ovirt-engine
    • EPSS Score: 0.11%
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
  • 6.4

    MEDIUM
    CVE-2022-35722

    IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...

    Affected Products : jazz_for_service_management
    • EPSS Score: 0.08%
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
  • 6.5

    MEDIUM
    CVE-2022-35282

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.

    Affected Products : websphere_application_server
    • EPSS Score: 0.03%
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
Showing 20 of 292247 Results