Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-32138

    D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to ... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32139

    D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 7.5

    HIGH
    CVE-2023-32140

    D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is no... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32141

    D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32142

    D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not re... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32143

    D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not requ... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32144

    D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32145

    D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this v... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32146

    D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2023-32136

    D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not re... Read more

    • Published: May. 03, 2024
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2024-12987

    A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the ... Read more

    • Actively Exploited
    • Published: Dec. 27, 2024
    • Modified: May. 16, 2025

  • 9.8

    CRITICAL
    CVE-2025-4117

    A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. This affects the function sub_41A914. The manipulation of the argument host leads to buffer overflow. The vendor was contacted early about this disclosure but did... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-21581

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more

    Affected Products : mysql_server
    • Published: Apr. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2023-49550

    An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.... Read more

    Affected Products : mjs
    • EPSS Score: %0.97
    • Published: Jan. 02, 2024
    • Modified: May. 16, 2025

  • 7.5

    HIGH
    CVE-2023-32888

    In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY0116183... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6833p mt6835 mt6853 mt6853t +28 more products
    • EPSS Score: %1.45
    • Published: Jan. 02, 2024
    • Modified: May. 16, 2025

  • 4.4

    MEDIUM
    CVE-2023-32878

    In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue I... Read more

    Affected Products : android mt6833 mt6879 mt6883 mt6885 mt8791t mt8797 mt6762 mt6765 mt6983 +12 more products
    • EPSS Score: %0.01
    • Published: Jan. 02, 2024
    • Modified: May. 16, 2025

  • 3.8

    LOW
    CVE-2020-26625

    A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.... Read more

    Affected Products : gila_cms
    • EPSS Score: %0.26
    • Published: Jan. 02, 2024
    • Modified: May. 16, 2025

  • 8.8

    HIGH
    CVE-2025-4244

    A vulnerability, which was classified as critical, was found in code-projects Online Bus Reservation System 1.0. This affects an unknown part of the file /seatlocation.php. The manipulation of the argument ID leads to sql injection. It is possible to init... Read more

    Affected Products : online_bus_reservation_system
    • Published: May. 03, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4163

    A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attac... Read more

    Affected Products : land_record_system
    • Published: May. 01, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4164

    A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It i... Read more

    Affected Products : employee_record_management_system
    • Published: May. 01, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection
Showing 20 of 292110 Results