Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-25997

    Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component....

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2024-39722

    An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route....

    Affected Products : ollama
    • Published: Oct. 31, 2024
    • Modified: May. 13, 2025
  • 8.1

    HIGH
    CVE-2024-26469

    Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in ...

    Affected Products : product_designer
    • Published: Mar. 03, 2024
    • Modified: May. 13, 2025
  • 4.9

    MEDIUM
    CVE-2025-2487

    A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the LDAP protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs an LDAP MOD...

    • Published: Mar. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2022-3540

    An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users' email addresses...

    Affected Products : hunter2
    • EPSS Score: 0.04%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2022-3517

    A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service....

    Affected Products : fedora debian_linux minimatch
    • EPSS Score: 0.46%
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025
  • 6.1

    MEDIUM
    CVE-2023-52555

    In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection....

    Affected Products : mongo-express
    • Published: Mar. 01, 2024
    • Modified: May. 13, 2025
  • 6.8

    MEDIUM
    CVE-2024-38888

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts....

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: May. 13, 2025
  • 7.5

    HIGH
    CVE-2024-38885

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the...

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: May. 13, 2025
  • 7.8

    HIGH
    CVE-2024-38884

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication ...

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: May. 13, 2025
  • 9.1

    CRITICAL
    CVE-2024-38883

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation....

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: May. 13, 2025
  • 4.8

    MEDIUM
    CVE-2024-3751

    The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

    Affected Products : seriously_simple_podcasting
    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025
  • 8.8

    HIGH
    CVE-2023-44419

    D-Link DIR-X3260 Prog.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required...

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025
  • 8.8

    HIGH
    CVE-2023-44420

    D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-X3260 routers. Authen...

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025
  • 8.0

    HIGH
    CVE-2023-44421

    D-Link DIR-X3260 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authent...

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025
  • 8.0

    HIGH
    CVE-2023-44422

    D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentica...

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025
  • 8.0

    HIGH
    CVE-2023-44423

    D-Link DIR-X3260 SetTriggerPPPoEValidate Password Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authent...

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025
  • 8.0

    HIGH
    CVE-2023-44424

    D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authenticati...

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025
  • 8.0

    HIGH
    CVE-2023-44425

    D-Link DIR-X3260 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authenti...

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025
  • 8.0

    HIGH
    CVE-2023-44426

    D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although auth...

    Affected Products : dir-x3260_firmware dir-x3260
    • Published: May. 03, 2024
    • Modified: May. 13, 2025
Showing 20 of 291750 Results