Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-35730

    D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is... Read more

    Affected Products : dap-2622_firmware dap-2622
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35731

    D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentic... Read more

    Affected Products : dap-2622_firmware dap-2622
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35732

    D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentic... Read more

    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35733

    D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Auth... Read more

    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35735

    D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authe... Read more

    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35736

    D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authe... Read more

    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35737

    D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Au... Read more

    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35738

    D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Au... Read more

    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35739

    D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 route... Read more

    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35740

    D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. A... Read more

    Affected Products : dap-2622_firmware dap-2622
    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35741

    D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authent... Read more

    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 5.9

    MEDIUM
    CVE-2024-3964

    The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili... Read more

    • Published: Jul. 13, 2024
    • Modified: May. 13, 2025

  • 8.8

    HIGH
    CVE-2023-35724

    D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required... Read more

    • Published: May. 03, 2024
    • Modified: May. 13, 2025

  • 5.3

    MEDIUM
    CVE-2025-0483

    A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack c... Read more

    Affected Products : native-php-cms native-php-cms
    • Published: Jan. 15, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-0480

    A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It i... Read more

    Affected Products : wuzhicms
    • Published: Jan. 15, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.2

    HIGH
    CVE-2025-29772

    OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vul... Read more

    Affected Products : openemr
    • Published: Mar. 31, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-30161

    OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from a... Read more

    Affected Products : openemr
    • Published: Mar. 31, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-23025

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not recommended**, in the versions affected by this vulnerability. It has... Read more

    Affected Products : xwiki
    • Published: Jan. 14, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-29926

    XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so performs other attacks on the farm. Note that this R... Read more

    Affected Products : xwiki
    • Published: Mar. 19, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-39719

    An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, provid... Read more

    Affected Products : ollama
    • Published: Oct. 31, 2024
    • Modified: May. 13, 2025
Showing 20 of 292812 Results