Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-27332

    TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication ... Read more

    Affected Products : archer_ax21_firmware archer_ax21
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 6.8

    MEDIUM
    CVE-2023-27333

    TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentic... Read more

    Affected Products : archer_ax21_firmware archer_ax21
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 8.8

    HIGH
    CVE-2023-27346

    TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not requ... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 9.8

    CRITICAL
    CVE-2023-27359

    TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vul... Read more

    Affected Products : archer_ax21_firmware archer_ax21
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 6.8

    MEDIUM
    CVE-2023-32147

    D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required ... Read more

    Affected Products : dir-2640_firmware dir-2640
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 6.5

    MEDIUM
    CVE-2023-32148

    D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulne... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 9.8

    CRITICAL
    CVE-2024-2048

    Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certifica... Read more

    Affected Products : vault
    • Published: Mar. 04, 2024
    • Modified: Aug. 06, 2025

  • 8.8

    HIGH
    CVE-2023-32149

    D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication ... Read more

    Affected Products : dir-2640_firmware dir-2640
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 6.8

    MEDIUM
    CVE-2023-32150

    D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to ex... Read more

    Affected Products : dir-2640_firmware dir-2640
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 6.8

    MEDIUM
    CVE-2023-32151

    D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to ... Read more

    Affected Products : dir-2640_firmware dir-2640
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 6.5

    MEDIUM
    CVE-2023-32152

    D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vuln... Read more

    Affected Products : dir-2640_firmware dir-2640
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 6.8

    MEDIUM
    CVE-2023-32153

    D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to ex... Read more

    Affected Products : dir-2640_firmware dir-2640
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 3.3

    LOW
    CVE-2023-51612

    Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this v... Read more

    Affected Products : kofax_power_pdf power_pdf
    • Published: May. 03, 2024
    • Modified: Aug. 06, 2025

  • 6.9

    MEDIUM
    CVE-2013-10062

    A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST paramete... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2013-10058

    An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the p... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2013-10047

    An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacke... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2012-10027

    WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, lead... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2012-10022

    Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user ... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2023-35748

    D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. ... Read more

    Affected Products : dap-2622_firmware dap-2622
    • Published: May. 07, 2024
    • Modified: Aug. 06, 2025

  • 8.8

    HIGH
    CVE-2023-35749

    D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authenticat... Read more

    • Published: May. 07, 2024
    • Modified: Aug. 06, 2025
Showing 20 of 291401 Results