Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-44197

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

    Affected Products: r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44196

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.

    Affected Products: r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44194

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.

    Affected Products: r7000p_firmware r7000p
    • EPSS Score: 0.27%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44193

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute, endhour, and endminute.

    Affected Products: r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44191

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2.

    Affected Products: r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44190

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering.

    Affected Products: r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44188

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering.

    Affected Products: r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44187

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.

    Affected Products: r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44186

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri.

    Affected Products: r7000p_firmware r7000p
    • EPSS Score: 0.39%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44184

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.

    Affected Products: r7000p_firmware r7000p
    • EPSS Score: 0.50%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-34830

    An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows a non-privileged user to make improper GPU processing operations to gain access to already freed memory.

    Affected Products: utgard_gpu_kernel_driver
    • EPSS Score: 0.17%
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 7.5

    HIGH
    CVE-2021-46854

    mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.

    Affected Products: proftpd
    • EPSS Score: 0.62%
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 8.8

    HIGH
    CVE-2021-43258

    CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Up...

    Affected Products: churchinfo
    • EPSS Score: 70.43%
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2021-35284

    SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.

    Affected Products: cms-php
    • EPSS Score: 0.08%
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 10.0

    CRITICAL
    CVE-2025-32432

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code executi...

    Affected Products: craft_cms
    • Published: Apr. 25, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Denial of Service
  • 9.1

    CRITICAL
    CVE-2018-14847

    MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

    Affected Products: routeros
    • Actively Exploited
    • EPSS Score: 93.51%
    • Published: Aug. 02, 2018
    • Modified: Apr. 28, 2025
  • 7.8

    HIGH
    CVE-2024-49138

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

    • Actively Exploited
    • Published: Dec. 12, 2024
    • Modified: Apr. 28, 2025
  • 7.8

    HIGH
    • Actively Exploited
    • EPSS Score: 78.73%
    • Published: Feb. 13, 2024
    • Modified: Apr. 28, 2025
  • 6.5

    MEDIUM
    CVE-2022-40772

    Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.

    • EPSS Score: 0.06%
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 4.9

    MEDIUM
    CVE-2022-40771

    Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.

    • EPSS Score: 0.20%
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
Showing 20 of 291741 Results