Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2025-4860

    A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to ...

    Affected Products : dap-2695_firmware dap-2695
    • Published: May. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2024-1357

    The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output esca...

    • Published: Apr. 16, 2024
    • Modified: May. 22, 2025
  • 5.4

    MEDIUM
    CVE-2024-52701

    A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter....

    Affected Products : piwigo
    • Published: Nov. 20, 2024
    • Modified: May. 22, 2025
  • 8.0

    HIGH
    CVE-2024-51094

    An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, ...

    Affected Products : snipe-it
    • Published: Nov. 12, 2024
    • Modified: May. 22, 2025
  • 8.8

    HIGH
    CVE-2024-48311

    Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function....

    Affected Products : piwigo
    • Published: Oct. 31, 2024
    • Modified: May. 22, 2025
  • 5.4

    MEDIUM
    CVE-2024-46606

    A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field....

    Affected Products : piwigo
    • Published: Oct. 16, 2024
    • Modified: May. 22, 2025
  • 6.1

    MEDIUM
    CVE-2024-46605

    A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field....

    Affected Products : piwigo
    • Published: Oct. 16, 2024
    • Modified: May. 22, 2025
  • 8.5

    HIGH
    CVE-2025-43595

    An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 (released on 2025-04-22)....

    • Published: May. 01, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Misconfiguration
  • 4.6

    MEDIUM
    CVE-2018-18984

    Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest....

    • Published: Dec. 14, 2018
    • Modified: May. 22, 2025
  • 5.3

    MEDIUM
    CVE-2018-14781

    Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the re...

    • Published: Aug. 13, 2018
    • Modified: May. 22, 2025
  • 5.3

    MEDIUM
    CVE-2018-10634

    Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers....

    • Published: Aug. 13, 2018
    • Modified: May. 22, 2025
  • 5.9

    MEDIUM
    CVE-2025-3516

    The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks....

    Affected Products : simple_lightbox
    • Published: May. 16, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2019-25220

    Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work b...

    Affected Products : bitcoin_core
    • Published: Nov. 18, 2024
    • Modified: May. 22, 2025
  • 5.3

    MEDIUM
    CVE-2024-55563

    Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents p...

    Affected Products : bitcoin_core
    • Published: Dec. 09, 2024
    • Modified: May. 22, 2025
  • 4.3

    MEDIUM
    CVE-2025-32728

    In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding....

    Affected Products : debian_linux openssh
    • Published: Apr. 10, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2024-35202

    Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called t...

    Affected Products : bitcoin_core bitcoin
    • Published: Oct. 10, 2024
    • Modified: May. 22, 2025
  • 7.5

    HIGH
    CVE-2019-3728

    RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA Crypto-C versions from 6.0.0 through 6.4.* are vulnerable ...

    • Published: Sep. 30, 2019
    • Modified: May. 22, 2025
  • 7.5

    HIGH
    CVE-2022-40106

    Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string....

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 7.2

    HIGH
    CVE-2022-3076

    The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for exampl...

    Affected Products : cm_download_manager
    • Published: Sep. 26, 2022
    • Modified: May. 22, 2025
  • 7.8

    HIGH
    CVE-2022-32829

    This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges....

    Affected Products : macos iphone_os ipados
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
Showing 20 of 293343 Results