Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-43547

    Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic... Read more

    Affected Products : macos windows bridge
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43555

    Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in ... Read more

    Affected Products : macos windows animate
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43556

    Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v... Read more

    Affected Products : macos windows animate
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43557

    Animate versions 24.0.8, 23.0.11 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a ... Read more

    Affected Products : macos windows animate
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-4660

    A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-bas... Read more

    Affected Products : secureconnector windows
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-45861

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2023-20198

    Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the act... Read more

    • Actively Exploited
    • EPSS Score: %94.09
    • Published: Oct. 16, 2023
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-45865

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface.... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2024-3632

    The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : smart_image_gallery
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-4269

    The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.... Read more

    Affected Products : svg_block
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-4272

    The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.... Read more

    Affected Products : support_svg
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-4602

    The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : embed_peertube_playlist
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025

  • 5.9

    MEDIUM
    CVE-2024-4752

    The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : eventon
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2022-42901

    Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.... Read more

    Affected Products : microstation view
    • EPSS Score: %0.06
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2022-42900

    Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for ... Read more

    Affected Products : microstation view
    • EPSS Score: %0.06
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2022-42899

    Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions ar... Read more

    Affected Products : microstation view
    • EPSS Score: %0.43
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-42897

    Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.... Read more

    Affected Products : arrayos_ag vxag ag1000 ag1000t ag1000v5 ag1100v5 ag1150 ag1200 ag1200v5 ag1500 +5 more products
    • EPSS Score: %1.52
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2022-42715

    A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.... Read more

    Affected Products : redcap
    • EPSS Score: %0.17
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 9.6

    CRITICAL
    CVE-2022-42711

    In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.... Read more

    Affected Products : whatsup_gold
    • EPSS Score: %0.22
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2022-42161

    D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS.... Read more

    • EPSS Score: %1.92
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
Showing 20 of 291741 Results