Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2024-52014

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52015

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a c... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-52016

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allo... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 8.0

    HIGH
    CVE-2024-52022

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 5.7

    MEDIUM
    CVE-2024-51011

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 21, 2025

  • 7.5

    HIGH
    CVE-2025-2240

    A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial o... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2022-3197

    Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 4.8

    MEDIUM
    CVE-2022-3135

    The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : seo_smart_links
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.5

    HIGH
    CVE-2022-3119

    The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them t... Read more

    Affected Products : oauth_client_single_sign_on
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.8

    HIGH
    CVE-2022-3103

    off-by-one in io_uring module.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2022-2903

    The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present ... Read more

    Affected Products : ninja_forms
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-2861

    Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-2860

    Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-2859

    Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.... Read more

    Affected Products : fedora chrome
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-2858

    Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 4.3

    MEDIUM
    CVE-2022-2405

    The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup... Read more

    Affected Products : wp_popup_builder
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 6.1

    MEDIUM
    CVE-2022-2404

    The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : wp_popup_builder
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2022-2352

    The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.... Read more

    Affected Products : post_smtp
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-1755

    The SVG Support WordPress plugin before 2.5 does not properly handle SVG added via an URL, which could allow users with a role as low as author to perform Cross-Site Scripting attacks... Read more

    Affected Products : svg_support
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 5.3

    MEDIUM
    CVE-2022-1613

    The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.... Read more

    Affected Products : restricted_site_access
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025
Showing 20 of 293330 Results