Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-37621

    Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js....

    Affected Products : browserify-shim
    • EPSS Score: 0.14%
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 4.8

    MEDIUM
    CVE-2022-36368

    Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allow a remote authenticated attacker with administrative privilege to inject an arbitrary script....

    Affected Products : ipfire
    • EPSS Score: 0.20%
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 7.2

    HIGH
    CVE-2021-46850

    myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST re...

    Affected Products : vesta_control_panel control_panel
    • EPSS Score: 18.77%
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 9.1

    CRITICAL
    CVE-2021-46848

    GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der....

    Affected Products : fedora debian_linux libtasn1
    • EPSS Score: 0.27%
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 6.0

    MEDIUM
    CVE-2024-20282

    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access t...

    Affected Products : nexus_dashboard
    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2024-20281

    A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This v...

    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025
  • 4.2

    MEDIUM
    CVE-2024-28162

    In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching f...

    Affected Products : delphix
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025
  • 5.3

    MEDIUM
    CVE-2024-28161

    In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default....

    Affected Products : delphix
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2024-51023

    D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request....

    Affected Products : dir-823g_firmware dir-823g
    • Published: Nov. 05, 2024
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2024-28160

    Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs....

    Affected Products : icescrum
    • Published: Mar. 06, 2024
    • Modified: May. 07, 2025
  • 8.0

    HIGH
    CVE-2024-51024

    D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request....

    Affected Products : dir-823g_firmware dir-823g
    • Published: Nov. 05, 2024
    • Modified: May. 07, 2025
  • 8.0

    HIGH
    CVE-2024-51186

    D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions....

    Affected Products : dir-820l_firmware dir-820l
    • Published: Nov. 11, 2024
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2025-2011

    The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara...

    Affected Products :
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2022-44022

    PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts....

    Affected Products : pwndoc
    • EPSS Score: 0.08%
    • Published: Oct. 30, 2022
    • Modified: May. 07, 2025
  • 5.5

    MEDIUM
    CVE-2022-44020

    An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupport...

    Affected Products : fedora sushy-tools virtualbmc
    • EPSS Score: 0.03%
    • Published: Oct. 30, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-44019

    In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter....

    Affected Products : total.js
    • EPSS Score: 2.32%
    • Published: Oct. 30, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-43776

    The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects....

    Affected Products : metabase
    • EPSS Score: 0.12%
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-43775

    The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system....

    Affected Products : diaenergie
    • EPSS Score: 9.60%
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-43774

    The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system....

    Affected Products : diaenergie
    • EPSS Score: 0.24%
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2022-43766

    Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java...

    Affected Products : iotdb
    • EPSS Score: 0.40%
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025
Showing 20 of 291573 Results