Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-42010

    Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.... Read more

    Affected Products : heron
    • EPSS Score: %0.26
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38737

    SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38736

    SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-3168

    A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php. The manipulation of the argument editid leads to sql i... Read more

    Affected Products : time_table_generator_system
    • Published: Apr. 03, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-3352

    A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-scdetails.php. The manipulation of the argument contnum leads to sql inject... Read more

    Affected Products : old_age_home_management_system
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-20348

    A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning... Read more

    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2025-3370

    A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. It is possible t... Read more

    Affected Products : men_salon_management_system
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2024-48629

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands ... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48630

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a craft... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2024-48168

    A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.... Read more

    Affected Products : dcs-960l_firmware dcs-960l
    • Published: Oct. 14, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48632

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attac... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48631

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a craft... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48633

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vul... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48634

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafte... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48635

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a cr... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48637

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a cr... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 8.0

    HIGH
    CVE-2024-48636

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a cr... Read more

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025

  • 4.3

    MEDIUM
    CVE-2024-20283

    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could ex... Read more

    Affected Products : nexus_dashboard
    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2024-48271

    D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack.... Read more

    • Published: Oct. 30, 2024
    • Modified: May. 07, 2025

  • 8.1

    HIGH
    CVE-2025-27363

    An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed shor... Read more

    Affected Products : debian_linux freetype
    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291736 Results