Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-27585

    Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mecha...

    Affected Products: sim1000_fx_firmware sim1000_fx
    • EPSS Score: 2.22%
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025
  • 4.7

    MEDIUM
    CVE-2021-42205

    ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice....

    Affected Products: elan_miniport_touchpad_driver
    • EPSS Score: 0.04%
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025
  • 5.4

    MEDIUM
    CVE-2021-39473

    Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields....

    Affected Products: hotelmanager
    • EPSS Score: 0.24%
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2021-39432

    diplib v3.0.0 is vulnerable to Double Free....

    Affected Products: diplib
    • EPSS Score: 0.33%
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025
  • 7.8

    HIGH
    CVE-2021-34055

    jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u....

    Affected Products: debian_linux jhead
    • EPSS Score: 0.03%
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025
  • 9.6

    CRITICAL
    CVE-2019-13690

    Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)...

    Affected Products: chrome chrome_os
    • EPSS Score: 0.26%
    • Published: Aug. 25, 2023
    • Modified: May. 02, 2025
  • 7.8

    HIGH
    CVE-2019-13689

    Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)...

    Affected Products: chrome chrome_os
    • EPSS Score: 0.18%
    • Published: Aug. 25, 2023
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2025-28144

    Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vulnerability via peerPin parameter in the formWsc function....

    • Published: Apr. 15, 2025
    • Modified: May. 02, 2025
  • 6.0

    MEDIUM
    CVE-2025-46565

    Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly expos...

    Affected Products: vite
    • Published: May. 01, 2025
    • Modified: May. 02, 2025
  • 6.1

    MEDIUM
    CVE-2023-4620

    The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking form data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators...

    Affected Products: booking_calendar
    • EPSS Score: 0.59%
    • Published: Oct. 16, 2023
    • Modified: May. 02, 2025
  • 6.1

    MEDIUM
    CVE-2023-4294

    The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugin's admin panel with statistics of the created s...

    Affected Products: url_shortify
    • EPSS Score: 15.70%
    • Published: Sep. 11, 2023
    • Modified: May. 02, 2025
  • 8.8

    HIGH
    CVE-2023-39434

    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution....

    Affected Products: macos iphone_os watchos ipados
    • EPSS Score: 0.65%
    • Published: Sep. 27, 2023
    • Modified: May. 02, 2025
  • 7.8

    HIGH
    CVE-2023-28211

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory....

    Affected Products: macos
    • EPSS Score: 0.08%
    • Published: Sep. 06, 2023
    • Modified: May. 02, 2025
  • 5.5

    MEDIUM
    CVE-2022-3821

    An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service....

    Affected Products: enterprise_linux fedora systemd
    • EPSS Score: 0.02%
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2022-34823

    Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remo...

    • EPSS Score: 5.39%
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025
  • 6.9

    MEDIUM
    CVE-2024-13102

    A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack ca...

    • Published: Jan. 02, 2025
    • Modified: May. 02, 2025
  • 6.9

    MEDIUM
    CVE-2024-13103

    A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation lea...

    • Published: Jan. 02, 2025
    • Modified: May. 02, 2025
  • 6.9

    MEDIUM
    CVE-2024-13104

    A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper ...

    • Published: Jan. 02, 2025
    • Modified: May. 02, 2025
  • 6.9

    MEDIUM
    CVE-2024-13105

    A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation l...

    • Published: Jan. 02, 2025
    • Modified: May. 02, 2025
  • 6.9

    MEDIUM
    CVE-2024-13106

    A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper ...

    • Published: Jan. 02, 2025
    • Modified: May. 02, 2025
Showing 20 of 291150 Results