Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-46072

    Helmet Store Showroom v1.0 is vulnerable to unauthenticated SQL Injection....

    Affected Products : helmet_store_showroom
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 9.8

    CRITICAL
    CVE-2022-46071

    There is a SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access....

    Affected Products : helmet_store_showroom_site
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 4.5

    MEDIUM
    CVE-2022-46062

    Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF)....

    Affected Products : gym_management_system
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 6.1

    MEDIUM
    CVE-2022-46061

    AeroCMS v0.0.1 is vulnerable to ClickJacking....

    Affected Products : aerocms
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 7.5

    HIGH
    CVE-2022-45688

    A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data....

    Affected Products : hutool json-java
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 7.8

    HIGH
    CVE-2022-44910

    Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c....

    Affected Products : binbloom
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 5.5

    MEDIUM
    CVE-2022-3106

    An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc()....

    Affected Products : linux_kernel
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 6.5

    MEDIUM
    CVE-2020-9420

    The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router....

    Affected Products : vrv9506jac23_firmware vrv9506jac23
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 5.4

    MEDIUM
    CVE-2020-9419

    Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the admi...

    Affected Products : vrv9506jac23_firmware vrv9506jac23
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 9.8

    CRITICAL
    CVE-2025-30406

    Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machin...

    Affected Products : centrestack
    • Actively Exploited
    • Published: Apr. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication
  • 4.0

    MEDIUM
    CVE-2023-42973

    Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI....

    Affected Products : iphone_os ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication
  • 7.3

    HIGH
    CVE-2023-41076

    An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed by removing the vulnerable code....

    Affected Products : macos
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization
  • 6.3

    MEDIUM
    CVE-2023-42961

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictio...

    Affected Products : macos iphone_os ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Path Traversal
  • 5.4

    MEDIUM
    CVE-2023-42981

    Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks....

    Affected Products : macos
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Denial of Service
  • 6.4

    MEDIUM
    CVE-2023-42982

    Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks....

    Affected Products : macos
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2024-27655

    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution....

    • Published: Feb. 29, 2024
    • Modified: Apr. 21, 2025
  • 8.8

    HIGH
    CVE-2024-27656

    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution....

    • Published: Feb. 29, 2024
    • Modified: Apr. 21, 2025
  • 8.8

    HIGH
    CVE-2024-27657

    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution....

    • Published: Feb. 29, 2024
    • Modified: Apr. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-27658

    D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input....

    • Published: Feb. 29, 2024
    • Modified: Apr. 21, 2025
  • 5.5

    MEDIUM
    CVE-2022-42815

    This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data....

    Affected Products : macos
    • Published: Nov. 01, 2022
    • Modified: Apr. 21, 2025
Showing 20 of 293351 Results