Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-3049

    Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.... Read more

    • EPSS Score: %0.61
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 6.8

    MEDIUM
    CVE-2022-3048

    Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.... Read more

    Affected Products : fedora chrome chrome_os
    • EPSS Score: %0.01
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 5.3

    MEDIUM
    CVE-2022-39835

    An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.... Read more

    Affected Products : gajim
    • EPSS Score: %0.19
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-36158

    Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).... Read more

    • EPSS Score: %0.16
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.5

    HIGH
    CVE-2022-34326

    In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way hands... Read more

    Affected Products : rtl8195am_firmware rtl8195am
    • EPSS Score: %0.29
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-30003

    Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.... Read more

    Affected Products : online_market_place_site
    • EPSS Score: %0.15
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.4

    HIGH
    CVE-2022-22058

    Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdra... Read more

    • EPSS Score: %0.07
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 4.7

    MEDIUM
    CVE-2021-27853

    Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.... Read more

    • EPSS Score: %0.03
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-1104

    A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed... Read more

    Affected Products : dhp-w310av_firmware dhp-w310av
    • Published: Feb. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-55532

    Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.... Read more

    Affected Products : ranger
    • Published: Mar. 03, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2024-56914

    D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.... Read more

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Jan. 22, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-25429

    Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page.... Read more

    Affected Products : tew-929dru_firmware tew-929dru
    • Published: Feb. 28, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-25428

    TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.... Read more

    Affected Products : tew-929dru_firmware tew-929dru
    • Published: Feb. 28, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-25430

    Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page.... Read more

    Affected Products : tew-929dru_firmware tew-929dru
    • Published: Feb. 28, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2024-13726

    The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products : themes_coder
    • Published: Feb. 17, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-37607

    A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    Affected Products : dap-2555_firmware dap-2555
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-37606

    A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025

  • 7.3

    HIGH
    CVE-2024-42093

    In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause po... Read more

    Affected Products : linux_kernel
    • Published: Jul. 29, 2024
    • Modified: May. 21, 2025

  • 7.0

    HIGH
    CVE-2024-41057

    In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: =====================================================... Read more

    Affected Products : linux_kernel
    • Published: Jul. 29, 2024
    • Modified: May. 21, 2025

  • 6.0

    MEDIUM
    CVE-2024-56662

    In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Fix an issue detected by syzbot with KASAN: BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/ core.c:416 [inli... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: May. 21, 2025
Showing 20 of 292762 Results