Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2013-10047

    An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacke... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2012-10027

    WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, lead... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2012-10022

    Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user ... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2023-35748

    D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. ... Read more

    Affected Products : dap-2622_firmware dap-2622
    • Published: May. 07, 2024
    • Modified: Aug. 06, 2025

  • 8.8

    HIGH
    CVE-2023-35749

    D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authenticat... Read more

    • Published: May. 07, 2024
    • Modified: Aug. 06, 2025

  • 5.4

    MEDIUM
    CVE-2023-37325

    D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not r... Read more

    • Published: May. 07, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2024-5242

    TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to... Read more

    Affected Products : omada_er605_firmware omada_er605
    • Published: May. 23, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2024-5228

    TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Aut... Read more

    Affected Products : omada_er605_firmware omada_er605
    • Published: May. 23, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2024-5227

    TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not req... Read more

    Affected Products : omada_er605_firmware omada_er605
    • Published: May. 23, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2025-20128

    A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underf... Read more

    • Published: Jan. 22, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-8319

    the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter... Read more

    Affected Products : message_archiver_firmware
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2020-3538

    A vulnerability in a certain REST API endpoint of Cisco&nbsp;Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path... Read more

    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 5.4

    MEDIUM
    CVE-2020-3420

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cros... Read more

    Affected Products : unified_communications_manager
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 6.5

    MEDIUM
    CVE-2025-54656

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs witho... Read more

    Affected Products : struts_extras
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-46958

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2024-20271

    A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validati... Read more

    • Published: Mar. 27, 2024
    • Modified: Aug. 06, 2025

  • 5.3

    MEDIUM
    CVE-2020-26062

    A vulnerability in Cisco&nbsp;Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back f... Read more

    Affected Products : unified_computing_system
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2023-39180

    A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installation... Read more

    Affected Products : linux_kernel
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2023-39179

    A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage thi... Read more

    Affected Products : linux_kernel
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2023-39176

    A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An at... Read more

    Affected Products : linux_kernel
    • Published: Nov. 18, 2024
    • Modified: Aug. 06, 2025
Showing 20 of 291773 Results