Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2020-9419

    Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the admi... Read more

    Affected Products : vrv9506jac23_firmware vrv9506jac23
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-30406

    Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machin... Read more

    Affected Products : centrestack
    • Actively Exploited
    • Published: Apr. 03, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 4.0

    MEDIUM
    CVE-2023-42973

    Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI.... Read more

    Affected Products : iphone_os ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2023-41076

    An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed by removing the vulnerable code.... Read more

    Affected Products : macos
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2023-42961

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictio... Read more

    Affected Products : macos iphone_os ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2023-42981

    Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.... Read more

    Affected Products : macos
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2023-42982

    Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.... Read more

    Affected Products : macos
    • Published: Apr. 11, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-27655

    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.... Read more

    • Published: Feb. 29, 2024
    • Modified: Apr. 21, 2025

  • 8.8

    HIGH
    CVE-2024-27656

    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.... Read more

    • Published: Feb. 29, 2024
    • Modified: Apr. 21, 2025

  • 8.8

    HIGH
    CVE-2024-27657

    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.... Read more

    • Published: Feb. 29, 2024
    • Modified: Apr. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-27658

    D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    • Published: Feb. 29, 2024
    • Modified: Apr. 21, 2025

  • 5.5

    MEDIUM
    CVE-2022-42815

    This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Nov. 01, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-31161

    CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race c... Read more

    Affected Products : crushftp
    • Actively Exploited
    • Published: Apr. 03, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-0762

    Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 29, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-0448

    Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025

  • 8.8

    HIGH
    CVE-2025-0447

    Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-0446

    Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-0443

    Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Mediu... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-0442

    Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-0441

    Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 15, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293363 Results