Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2025-28198

    A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component.... Read more

    Affected Products : carsale hitout_car_sale
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-54802

    In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header.... Read more

    Affected Products : wnr854t_firmware wnr854t
    • Published: Mar. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-54803

    Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection.... Read more

    Affected Products : wnr854t_firmware wnr854t
    • Published: Mar. 31, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2024-51006

    Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : r8500_firmware r8500
    • Published: Nov. 05, 2024
    • Modified: Apr. 22, 2025

  • 4.8

    MEDIUM
    CVE-2022-4010

    The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    Affected Products : image_hover_effects
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2022-46905

    Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Refl... Read more

    Affected Products : websoft_hcm
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2022-3930

    The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.... Read more

    Affected Products : directorist
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 6.0

    MEDIUM
    CVE-2022-31596

    Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve a... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-2993

    There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.... Read more

    Affected Products : zephyr
    • Published: Dec. 09, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-20611

    In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User intera... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-20502

    In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 7.3

    HIGH
    CVE-2022-20501

    In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges ne... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-20479

    In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-20478

    In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-20477

    In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-20476

    In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is ... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.7

    MEDIUM
    CVE-2024-51001

    Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    Affected Products : r8500_firmware r8500
    • Published: Nov. 05, 2024
    • Modified: Apr. 22, 2025

  • 5.7

    MEDIUM
    CVE-2024-51000

    Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a ... Read more

    Affected Products : r8500_firmware r8500
    • Published: Nov. 05, 2024
    • Modified: Apr. 22, 2025

  • 5.7

    MEDIUM
    CVE-2024-50999

    Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.... Read more

    Affected Products : r8500_firmware r8500
    • Published: Nov. 05, 2024
    • Modified: Apr. 22, 2025

  • 5.7

    MEDIUM
    CVE-2024-50998

    Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vulnerabilities allow attackers to cause a Denial of Servic... Read more

    Affected Products : r8500_firmware r8500
    • Published: Nov. 05, 2024
    • Modified: Apr. 22, 2025
Showing 20 of 293646 Results