Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2025-25745

    D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module....

    Affected Products : dir-853_firmware dir-853
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
  • 7.2

    HIGH
    CVE-2024-45757

    An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access....

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: May. 02, 2025
  • 4.8

    MEDIUM
    CVE-2023-4502

    The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capa...

    • EPSS Score: 0.08%
    • Published: Sep. 25, 2023
    • Modified: May. 02, 2025
  • 6.1

    MEDIUM
    CVE-2023-4270

    The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....

    Affected Products : min_max_control
    • EPSS Score: 0.11%
    • Published: Sep. 11, 2023
    • Modified: May. 02, 2025
  • 7.8

    HIGH
    CVE-2023-35670

    In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed....

    Affected Products : android
    • EPSS Score: 0.02%
    • Published: Sep. 11, 2023
    • Modified: May. 02, 2025
  • 5.0

    MEDIUM
    CVE-2004-0230

    TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use lo...

    • EPSS Score: 11.48%
    • Published: Aug. 18, 2004
    • Modified: May. 02, 2025
  • 4.3

    MEDIUM
    CVE-2023-4036

    The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and pa...

    Affected Products : simple_blog_card
    • EPSS Score: 0.14%
    • Published: Aug. 30, 2023
    • Modified: May. 02, 2025
  • 8.8

    HIGH
    CVE-2023-43496

    Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the syste...

    Affected Products : jenkins
    • EPSS Score: 0.14%
    • Published: Sep. 20, 2023
    • Modified: May. 02, 2025
  • 7.2

    HIGH
    CVE-2022-43227

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment....

    • EPSS Score: 0.09%
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025
  • 7.8

    HIGH
    CVE-2020-21428

    Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file....

    Affected Products : freeimage
    • EPSS Score: 0.06%
    • Published: Aug. 22, 2023
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2023-44204

    An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed...

    Affected Products : junos junos_os_evolved
    • EPSS Score: 0.05%
    • Published: Oct. 13, 2023
    • Modified: May. 02, 2025
  • 6.5

    MEDIUM
    CVE-2023-44184

    An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a...

    Affected Products : junos junos_os_evolved
    • EPSS Score: 0.13%
    • Published: Oct. 13, 2023
    • Modified: May. 02, 2025
  • 9.1

    CRITICAL
    CVE-2025-32755

    In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselv...

    Affected Products : ssh-agent ssh-slave
    • Published: Apr. 10, 2025
    • Modified: May. 02, 2025
  • 5.7

    MEDIUM
    CVE-2025-25891

    A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01, triggered by the destination, netmask and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet....

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
  • 5.7

    MEDIUM
    CVE-2025-25892

    A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the sstartip, sendip, dstartip, and dendip parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet....

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
  • 8.0

    HIGH
    CVE-2025-25893

    An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted ...

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
  • 8.0

    HIGH
    CVE-2025-25894

    An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet....

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
  • 8.0

    HIGH
    CVE-2025-25895

    An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet....

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
  • 5.7

    MEDIUM
    CVE-2025-25896

    A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet....

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
  • 9.1

    CRITICAL
    CVE-2024-38475

    Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in ...

    Affected Products : http_server ontap_9
    • Actively Exploited
    • Published: Jul. 01, 2024
    • Modified: May. 02, 2025
Showing 20 of 291162 Results