Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-4850

    A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection. It is poss... Read more

    Affected Products : n300rh_firmware n300rh
    • Published: May. 18, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4849

    A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to command inj... Read more

    Affected Products : n300rh_firmware n300rh
    • Published: May. 18, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-45862

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 20, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-45513

    Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.... Read more

    Affected Products : fh451_firmware fh451
    • Published: May. 09, 2025
    • Modified: May. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2024-26952

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value... Read more

    Affected Products : linux_kernel
    • Published: May. 01, 2024
    • Modified: May. 23, 2025

  • 8.8

    HIGH
    CVE-2023-44466

    An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted leng... Read more

    Affected Products : linux_kernel
    • Published: Sep. 29, 2023
    • Modified: May. 23, 2025

  • 7.8

    HIGH
    CVE-2024-27018

    In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge... Read more

    Affected Products : linux_kernel fedora
    • Published: May. 01, 2024
    • Modified: May. 23, 2025

  • 7.8

    HIGH
    CVE-2022-48735

    In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix UAF of leds class devs at unbinding The LED class devices that are created by HD-audio codec drivers are registered via devm_led_classdev_register() and associated with t... Read more

    Affected Products : linux_kernel
    • Published: Jun. 20, 2024
    • Modified: May. 23, 2025

  • 7.8

    HIGH
    CVE-2024-36477

    In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of t... Read more

    Affected Products : linux_kernel
    • Published: Jun. 21, 2024
    • Modified: May. 23, 2025

  • 2.1

    LOW
    CVE-2025-22149

    JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite ... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-44176

    Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function.... Read more

    Affected Products : fh451_firmware fh451
    • Published: May. 12, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-45858

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3757

    Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.... Read more

    Affected Products : openpubkey
    • Published: May. 13, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-45863

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2024-13382

    The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di... Read more

    Affected Products : calculated_fields_form
    • Published: May. 15, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13729

    The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is... Read more

    Affected Products : podlove_podcast_publisher
    • Published: May. 15, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-13730

    The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ... Read more

    Affected Products : podlove_podcast_publisher
    • Published: May. 15, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2022-3559

    A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is ... Read more

    Affected Products : fedora exim
    • Published: Oct. 17, 2022
    • Modified: May. 23, 2025

  • 9.8

    CRITICAL
    CVE-2022-3620

    A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name ... Read more

    Affected Products : fedora exim
    • Published: Oct. 20, 2022
    • Modified: May. 23, 2025

  • 6.1

    MEDIUM
    CVE-2024-12586

    The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : chalet-montagne.com_tools
    • Published: Feb. 13, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293304 Results