Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-48168

    A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.... Read more

    Affected Products : dcs-960l_firmware dcs-960l
    • Published: Oct. 14, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48632

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attac... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48631

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a craft... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48633

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vul... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48634

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafte... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48635

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a cr... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48637

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a cr... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48636

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a cr... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 4.3

    MEDIUM
    CVE-2024-20283

    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could ex... Read more

    Affected Products : nexus_dashboard
    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2024-48271

    D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack.... Read more

    • Published: Oct. 30, 2024
    • Modified: May. 07, 2025

  • 8.1

    HIGH
    CVE-2025-27363

    An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed shor... Read more

    Affected Products : debian_linux freetype
    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-3205

    A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is possible to initiat... Read more

    Affected Products : student_grading_system
    • Published: Apr. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2024-48638

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-48272

    D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack.... Read more

    • Published: Oct. 30, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-3213

    A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /view-note.php?noteid=11. The manipulation of the argument remark leads to sql injection. The attack can be i... Read more

    Affected Products : e-diary_management_system
    • Published: Apr. 04, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2023-50740

    In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module.  We recommend users upgrade the version of Linkis to version 1.5.0... Read more

    Affected Products : linkis
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 9.1

    CRITICAL
    CVE-2024-26580

    Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11... Read more

    Affected Products : inlong
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-3120

    A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to sql injec... Read more

    • Published: Apr. 02, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2020-10195

    The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php,... Read more

    Affected Products : popup_builder popup-builder
    • EPSS Score: %0.46
    • Published: Mar. 13, 2020
    • Modified: May. 07, 2025

  • 6.1

    MEDIUM
    CVE-2020-10196

    An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker t... Read more

    Affected Products : popup_builder popup-builder
    • EPSS Score: %0.23
    • Published: Mar. 13, 2020
    • Modified: May. 07, 2025
Showing 20 of 291608 Results