Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-45861

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2023-20198

    Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the act... Read more

    • Actively Exploited
    • EPSS Score: %94.09
    • Published: Oct. 16, 2023
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-45865

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2024-3632

    The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : smart_image_gallery
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-4269

    The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.... Read more

    Affected Products : svg_block
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-4272

    The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.... Read more

    Affected Products : support_svg
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-4602

    The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : embed_peertube_playlist
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025

  • 5.9

    MEDIUM
    CVE-2024-4752

    The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : eventon
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2022-42901

    Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.... Read more

    Affected Products : microstation view
    • EPSS Score: %0.06
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2022-42900

    Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for ... Read more

    Affected Products : microstation view
    • EPSS Score: %0.06
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2022-42899

    Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions ar... Read more

    Affected Products : microstation view
    • EPSS Score: %0.43
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-42897

    Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.... Read more

    Affected Products : arrayos_ag vxag ag1000 ag1000t ag1000v5 ag1100v5 ag1150 ag1200 ag1200v5 ag1500 +5 more products
    • EPSS Score: %1.52
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2022-42715

    A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.... Read more

    Affected Products : redcap
    • EPSS Score: %0.17
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 9.6

    CRITICAL
    CVE-2022-42711

    In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.... Read more

    Affected Products : whatsup_gold
    • EPSS Score: %0.22
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2022-42161

    D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.... Read more

    • EPSS Score: %1.92
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-42087

    Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.07
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 3.8

    LOW
    CVE-2024-5030

    The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack... Read more

    Affected Products : cm_table_of_contents
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2024-52317

    Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 ... Read more

    Affected Products : tomcat
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-52318

    Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.... Read more

    Affected Products : tomcat
    • Published: Nov. 18, 2024
    • Modified: May. 15, 2025

  • 4.8

    MEDIUM
    CVE-2024-46055

    OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names.... Read more

    Affected Products : openvidreview
    • Published: Nov. 27, 2024
    • Modified: May. 15, 2025
Showing 20 of 291736 Results