Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2024-10472

    The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is... Read more

    Affected Products : stylish_price_list
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-10554

    The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit... Read more

    Affected Products : wp-advanced-search
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2022-42080

    Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.12
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2022-42079

    Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.12
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-42078

    Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.07
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-42077

    Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.07
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-41403

    OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.... Read more

    • EPSS Score: %0.08
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 5.5

    MEDIUM
    CVE-2022-38388

    IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968.... Read more

    Affected Products : navigator_mobile
    • EPSS Score: %0.02
    • Published: Oct. 11, 2022
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2022-28887

    Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.... Read more

    • EPSS Score: %0.07
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 7.1

    HIGH
    CVE-2022-25665

    Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile... Read more

    • EPSS Score: %0.04
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 6.2

    MEDIUM
    CVE-2022-25664

    Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables... Read more

    • EPSS Score: %0.17
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 5.5

    MEDIUM
    CVE-2022-25663

    Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity... Read more

    • EPSS Score: %0.10
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2022-25662

    Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables... Read more

    • EPSS Score: %0.27
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 8.4

    HIGH
    CVE-2022-22077

    Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile... Read more

    • EPSS Score: %0.08
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2021-36369

    An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass ad... Read more

    Affected Products : debian_linux dropbear_ssh
    • EPSS Score: %0.11
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-10703

    The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ... Read more

    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-11272

    The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the ... Read more

    Affected Products : contact_form pirate_forms
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-11273

    The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the ... Read more

    Affected Products : contact_form
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-6024

    The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when deleting groups or emails, which could allow attackers to make a logged in admin remove them via a CSRF attack... Read more

    Affected Products : contentlock
    • Published: Jul. 12, 2024
    • Modified: May. 15, 2025

  • 5.4

    MEDIUM
    CVE-2024-3026

    The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks... Read more

    Affected Products : maxbuttons
    • Published: Jul. 13, 2024
    • Modified: May. 15, 2025
Showing 20 of 291827 Results