Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-44156

    Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.... Read more

    Affected Products : ac15_firmware ac15
    • EPSS Score: %0.10
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2022-3690

    The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins... Read more

    Affected Products : popup_maker
    • EPSS Score: %0.24
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2022-3688

    The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks... Read more

    Affected Products : wpqa_builder
    • EPSS Score: %2.53
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-3634

    The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection... Read more

    Affected Products : contact_form_7_database_addon
    • EPSS Score: %0.43
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-3618

    The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    Affected Products : spacer
    • EPSS Score: %0.11
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-10918

    Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.... Read more

    Affected Products : libmodbus
    • Published: Feb. 27, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-37860

    In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; conseq... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2023-52511

    In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: reduce DMA RX transfer width to single byte Through empirical testing it has been determined that sometimes RX SPI transfers with DMA enabled return corrupted data. This is ... Read more

    Affected Products : linux_kernel
    • Published: Mar. 02, 2024
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2025-37893

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix off-by-one error in build_prologue() Vincent reported that running BPF progs with tailcalls on LoongArch causes kernel hard lockup. Debugging the issues shows that t... Read more

    Affected Products : linux_kernel
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-25916

    wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php.... Read more

    Affected Products : wuzhicms
    • Published: Feb. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2022-48627

    In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Mar. 02, 2024
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2025-1961

    A vulnerability has been found in SourceCodester Best Church Management Software 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/web_crud.php. The manipulation of the argument encryption le... Read more

    Affected Products : best_church_management_software
    • Published: Mar. 04, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2024-56195

    Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.... Read more

    Affected Products : traffic_server
    • Published: Mar. 06, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-56202

    Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the is... Read more

    Affected Products : traffic_server
    • Published: Mar. 06, 2025
    • Modified: Apr. 29, 2025

  • 9.1

    CRITICAL
    CVE-2024-37407

    Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.... Read more

    Affected Products : libarchive
    • Published: Jun. 08, 2024
    • Modified: Apr. 29, 2025

  • 6.3

    MEDIUM
    CVE-2024-38311

    Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, whi... Read more

    Affected Products : traffic_server
    • Published: Mar. 06, 2025
    • Modified: Apr. 29, 2025

  • 5.5

    MEDIUM
    CVE-2023-52627

    In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio event... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Mar. 26, 2024
    • Modified: Apr. 29, 2025

  • 6.0

    MEDIUM
    CVE-2024-26843

    In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size md_size will have been narrowed if we have >= 4GB worth of pages in a soft-reserved region.... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Apr. 17, 2024
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2025-29209

    TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.... Read more

    Affected Products : x18_firmware x18
    • Published: Apr. 18, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-28137

    The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.... Read more

    Affected Products : a810r_firmware a810r
    • Published: Apr. 15, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291193 Results