Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-39928

    In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this i... Read more

    Affected Products : linkis
    • Published: Sep. 25, 2024
    • Modified: May. 16, 2025

  • 9.1

    CRITICAL
    CVE-2024-3673

    The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.... Read more

    Affected Products : web_directory_free
    • Published: Aug. 30, 2024
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-24163

    SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.... Read more

    Affected Products : hutool
    • EPSS Score: %0.12
    • Published: Jan. 31, 2023
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-24468

    Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2... Read more

    • EPSS Score: %0.30
    • Published: Mar. 15, 2023
    • Modified: May. 16, 2025

  • 7.8

    HIGH
    CVE-2022-48425

    In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.01
    • Published: Mar. 19, 2023
    • Modified: May. 16, 2025

  • 5.3

    MEDIUM
    CVE-2024-6846

    The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs... Read more

    Affected Products : smartsearchwp chatbot_with_chatgpt
    • Published: Sep. 05, 2024
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-45158

    An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabl... Read more

    Affected Products : mbed_tls mbedtls
    • Published: Sep. 05, 2024
    • Modified: May. 16, 2025

  • 7.5

    HIGH
    CVE-2025-1578

    A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping Portal 2.1. This affects an unknown part of the file /search-result.php. The manipulation of the argument Product leads to sql injection. It is possible t... Read more

    • Published: Feb. 23, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-7891

    The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : floating_contact_button
    • Published: Sep. 10, 2024
    • Modified: May. 16, 2025

  • 4.8

    MEDIUM
    CVE-2024-7955

    The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : starbox
    • Published: Sep. 10, 2024
    • Modified: May. 16, 2025

  • 5.4

    MEDIUM
    CVE-2024-7846

    YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts.... Read more

    Affected Products : yith_woocommerce_ajax_search
    • Published: Sep. 23, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2025-2898

    IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations.... Read more

    Affected Products : maximo_application_suite
    • Published: May. 06, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-4196

    A vulnerability was found in SourceCodester Patient Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /birthing.php. The manipulation of the argument comp_id leads to sql injection. The att... Read more

    • Published: May. 02, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-42999

    SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host sys... Read more

    Affected Products : netweaver
    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2023-32137

    D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication i... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32138

    D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to ... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32139

    D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 7.5

    HIGH
    CVE-2023-32140

    D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is no... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32141

    D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32142

    D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not re... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025
Showing 20 of 291871 Results