Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.0

    MEDIUM
    CVE-2024-20282

    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access t... Read more

    Affected Products : nexus_dashboard
    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2024-20281

    A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This v... Read more

    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025

  • 4.2

    MEDIUM
    CVE-2024-28162

    In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching f... Read more

    Affected Products : delphix
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 5.3

    MEDIUM
    CVE-2024-28161

    In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.... Read more

    Affected Products : delphix
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2024-51023

    D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Nov. 05, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2024-28160

    Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.... Read more

    Affected Products : icescrum
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-51024

    D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Nov. 05, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-51186

    D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.... Read more

    Affected Products : dir-820l_firmware dir-820l
    • Published: Nov. 11, 2024
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2025-2011

    The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara... Read more

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2022-44022

    PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts.... Read more

    Affected Products : pwndoc
    • EPSS Score: %0.08
    • Published: Oct. 30, 2022
    • Modified: May. 07, 2025

  • 5.5

    MEDIUM
    CVE-2022-44020

    An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupport... Read more

    Affected Products : fedora sushy-tools virtualbmc
    • EPSS Score: %0.03
    • Published: Oct. 30, 2022
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2022-44019

    In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.... Read more

    Affected Products : total.js
    • EPSS Score: %2.32
    • Published: Oct. 30, 2022
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2022-43776

    The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.... Read more

    Affected Products : metabase
    • EPSS Score: %0.12
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43775

    The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.... Read more

    Affected Products : diaenergie
    • EPSS Score: %9.60
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43774

    The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.24
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-43766

    Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java... Read more

    Affected Products : iotdb
    • EPSS Score: %0.40
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 6.7

    MEDIUM
    CVE-2022-43750

    drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.06
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43286

    Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.... Read more

    Affected Products : njs
    • EPSS Score: %0.10
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-43285

    Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.... Read more

    Affected Products : njs
    • EPSS Score: %0.08
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.1

    HIGH
    CVE-2022-43280

    wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.... Read more

    Affected Products : wabt
    • EPSS Score: %0.04
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
Showing 20 of 291401 Results