Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-2405

    The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup... Read more

    Affected Products : wp_popup_builder
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 6.1

    MEDIUM
    CVE-2022-2404

    The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : wp_popup_builder
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2022-2352

    The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.... Read more

    Affected Products : post_smtp
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-1755

    The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks... Read more

    Affected Products : svg_support
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 5.3

    MEDIUM
    CVE-2022-1613

    The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.... Read more

    Affected Products : restricted_site_access
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2021-24890

    The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthentic... Read more

    Affected Products : scripts_organizer
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.0

    HIGH
    CVE-2024-51021

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a craf... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52023

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52024

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST reques... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52025

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST requ... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52026

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST reque... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2025-3585

    A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /upload/ of the component JSP Parser. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate ... Read more

    Affected Products : cicadascms
    • Published: Apr. 14, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2024-51010

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2025-3565

    A vulnerability classified as critical was found in huanfenz/code-projects StudentManager 1.0. This vulnerability affects unknown code of the file /upload/uploadArticle.do of the component Announcement Management Section. The manipulation of the argument ... Read more

    Affected Products : studentmanager studentmanager
    • Published: Apr. 14, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2024-21011

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracl... Read more

    • Published: Apr. 16, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2025-3608

    A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.... Read more

    Affected Products : firefox
    • Published: Apr. 15, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-20955

    Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-20957

    Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025

  • 4.4

    MEDIUM
    CVE-2025-20958

    Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-20959

    Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293260 Results