Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-1382

    The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : contact_us
    • Published: Mar. 09, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2025-2717

    A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument t... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Mar. 25, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-1103

    A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the arg... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Feb. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-11638

    The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as ... Read more

    Affected Products : gtbabel
    • Published: Mar. 10, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-22968

    An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions... Read more

    Affected Products : dwr-m972v_firmware dwr-m972v
    • Published: Jan. 15, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1876

    A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based ... Read more

    Affected Products : dap-1562_firmware dap-1562
    • Published: Mar. 03, 2025
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2025-1800

    A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the ... Read more

    Affected Products : dar-7000_firmware dar-7000
    • Published: Mar. 01, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.2

    CRITICAL
    CVE-2025-24032

    PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An atta... Read more

    Affected Products :
    • Published: Feb. 10, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2022-41570

    An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.... Read more

    Affected Products : eyesofnetwork
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-40044

    Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML v... Read more

    Affected Products : centreon
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-40043

    Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.... Read more

    Affected Products : centreon
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 4.7

    MEDIUM
    CVE-2022-3303

    A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this f... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 7.5

    HIGH
    CVE-2022-3272

    Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.... Read more

    Affected Products : rdiffweb
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-3071

    Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.... Read more

    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-3058

    Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-3057

    Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-3056

    Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-3051

    Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.... Read more

    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-3050

    Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.... Read more

    Affected Products : fedora chrome chrome_os
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-3049

    Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.... Read more

    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025
Showing 20 of 292781 Results