Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-38884

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication ... Read more

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: May. 13, 2025

  • 9.1

    CRITICAL
    CVE-2024-38883

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation.... Read more

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: May. 13, 2025

  • 4.8

    MEDIUM
    CVE-2024-3751

    The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i... Read more

    Affected Products : seriously_simple_podcasting
    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-44419

    D-Link DIR-X3260 Prog.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required... Read more

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-44420

    D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-X3260 routers. Authen... Read more

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.0

    HIGH
    CVE-2023-44421

    D-Link DIR-X3260 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authent... Read more

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.0

    HIGH
    CVE-2023-44422

    D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentica... Read more

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.0

    HIGH
    CVE-2023-44423

    D-Link DIR-X3260 SetTriggerPPPoEValidate Password Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authent... Read more

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.0

    HIGH
    CVE-2023-44424

    D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authenticati... Read more

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.0

    HIGH
    CVE-2023-44425

    D-Link DIR-X3260 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authenti... Read more

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.0

    HIGH
    CVE-2023-44426

    D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although auth... Read more

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.0

    HIGH
    CVE-2023-44427

    D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although au... Read more

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-44418

    D-Link DIR-X3260 Prog.cgi Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required ... Read more

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 5.5

    MEDIUM
    CVE-2025-25947

    An issue in Bento4 v1.6.0-641 allows an attacker to trigger a segmentation fault via Ap4Atom.cpp, specifically in AP4_AtomParent::RemoveChild, during the execution of mp4encrypt with a specially crafted MP4 input file.... Read more

    Affected Products : bento4
    • Published: Feb. 19, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-25945

    An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the Mp4Fragment.cpp and in AP4_DescriptorFactory::CreateDescriptorFromStream at Ap4DescriptorFactory.cpp.... Read more

    Affected Products : bento4
    • Published: Feb. 19, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-25944

    Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fragment with a crafted MP4 input file.... Read more

    Affected Products : bento4
    • Published: Feb. 19, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-25943

    Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp.... Read more

    Affected Products : bento4
    • Published: Feb. 19, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-25942

    An issue in Bento4 v1.6.0-641 allows an attacker to obtain sensitive information via the the mp4fragment tool when processing invalid files. Specifically, memory allocated in SampleArray::SampleArray in Mp4Fragment.cpp is not properly released.... Read more

    Affected Products : bento4
    • Published: Feb. 19, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2024-3753

    The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : hostel
    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-37317

    D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authenti... Read more

    • Published: May. 03, 2024
    • Modified: May. 13, 2025
Showing 20 of 291741 Results